Retbleed

Retbleed is a speculative execution attack on x86-64 and ARM processors, including some recent Intel and AMD chips. First made public in 2022, it is a variant of the Spectre vulnerability which exploits retpoline, which was a mitigation for speculative execution attacks.

According to the researchers, Retbleed mitigations require extensive changes to the system which results in up to 14% and 39% performance loss on Linux for affected AMD and Intel CPU respectively. The PoC works against Intel Core 6th, 7th and 8th generation microarchitectures and AMD Zen 1, Zen 1+, and Zen 2 microarchitectures.

An official document from ARM informs that all ARM CPUs affected by Spectre are also affected by Retbleed.

Windows is not vulnerable because the existing mitigations already tackle it. Linux kernels 5.18.14 and 5.19 contain the fixes. The 32-bit Linux kernel, which is vulnerable, will not receive updates to fix the issue.