“Today Intel released two security advisories addressing 2 medium severity vulnerabilities reported by academic researchers from ETH Zurich who have labeled their side-channel attack as “Retbleed” due to finding a method to potentially bypass a commonly used mitigation technique known as retpoline.”
That’s what Intel said on their blog but the Ars Technica article sure makes this sound more serious than “medium”. According to Ars Technica:
Retbleed can leak kernel memory from Intel CPUs at about 219 bytes per second and with 98 percent accuracy. The exploit can extract kernel memory from AMD CPUs with a bandwidth of 3.9 kB per second. The researchers said that it’s capable of locating and leaking a Linux computer’s root password hash from physical memory in about 28 minutes when running the Intel CPUs and in about 6 minutes for AMD CPUs.
So if I can run code on an x86 server and recover the root password in less than half an hour…that is not medium.
And fixing this could cost up to a 28% performance overhead. Ouch.
Patch up!
There is a white paper available. Unfortunately, no cool logo yet.
Related Posts:
Five Times When Updating Your OS Would Have Saved You From Being Hacked
LowEndBoxTV: AMD Shootout: Ryzen vs. Epyc - Which is Right For You?
Vultr Welcomes AMD Instinct MI300X Accelerators to Enhance Its Cloud Platform
AMD Boosts AI Prowess Through Strategic Acquisition of ZT Systems
Uncle Sam Slips Intel $20B for New Chip Factories
Get Ready to Scan Your Passport If You Want to Buy a VM This Summer
I also enjoy using LEBs! I have an empire of little guys for VPNs, larger guys for apps, and big guys for databases and storage. When I'm not in front a screen I'm into German Shepherd dogs, quality knives, target shooting, theology, tabletop roleplaying games, and forest hiking.
I enjoy writing technical articles here on LowEndBox to help people get more out of their systems. You can find me on LowEndTalk @raindog308
- Welcome, Velohost: Cheap VPS Offers in Düsseldorf, Germany From a New Provider! - April 27, 2025
- HostTiger: Amazing High RAM VPS Offers in Istanbul – Get a 32GB RAM VPS for Only $5/mo First Month, $10/mo Recurring! - April 26, 2025
- Piotr Returns: Is Coolify the “Sweet Spot” Between Heroku/Vercel and a Self-Hosted VPS? - April 25, 2025
Leave a Reply