Red Hat response to Retbleed (CVE-2022-29900 / CVE-2022-23816, CVE-2022-29901, CVE-2022-23825) vulnerabilities


Environment

  • Red Hat Enterprise Linux (Physical and virtual systems)
  • AMD and Intel CPUs

This affects any Red Hat Enterprise Linux installation running on an affected CPU, regardless of whether it is physical or virtual. Vulnerabilities of this class have been most concerning for public cloud environments, where they could allow data to be obtained from other VMs running on a shared hypervisor.

Issue

Retbleed (CVE-2022-29900, its alias CVE-2022-23816, and CVE-2022-29901) is a speculative execution attack that takes advantage of the branch prediction behavior of return instructions in many modern AMD and Intel processors, in a manner similar to Spectre v2. An unprivileged local attacker can use these flaws to bypass conventional memory protections and read privileged memory that would otherwise be inaccessible.

Note: CVE-2022-23816 is an alias to CVE-2022-29900.

Resolution

Red Hat has rated this vulnerability as Moderate severity and is providing kernel mitigations in upcoming releases for the affected kernels, following each product's Life Cycle phases.

Please subscribe to the Red Hat CVE pages for the CVEs listed above for updates and fix availability.

Mitigations
Red Hat Enterprise Linux 7 uses the existing IBRS mitigations for Intel/AMD processors.

Until a fixed kernel is installed, Red Hat Enterprise Linux 8 and 9 can mitigate the flaw on affected Intel/AMD CPUs if booted with the kernel parameter:

spectre_v2=ibrs

Systems booting updated kernels that fix the flaw require no additional configuration; the mitigation is enabled by default. If the mitigation must be disabled (for example, to measure its performance cost), boot the kernel with the following command line option, bearing in mind that this leaves the system exposed to the attack:

retbleed=off

For Red Hat Enterprise Linux 7, use both of the following options together:

spectre_v2=retpoline,force retbleed=off

The Retbleed mitigation may impact performance. A system can be rebooted with the mitigation disabled to compare the on-vs-off performance impact on a representative workload, and then rebooted with the mitigation re-enabled.
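The mitigation state described in this section can be confirmed on a running system. The script below is an added example and is not from the Red Hat article: it reads the kernel's standard sysfs vulnerability entry (/sys/devices/system/cpu/vulnerabilities/retbleed) and /proc/cmdline, which are the only paths it assumes, and the sysfs strings quoted in its comments are illustrative values of the form the kernel reports.

```shell
#!/bin/sh
# Added example, not from the Red Hat article: report a RHEL host's Retbleed
# mitigation state from the kernel's sysfs entry and boot command line.
# The paths are the standard kernel interfaces; VULN_DIR and CMDLINE_FILE can
# be overridden to run the checks against saved copies of those files.

VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"
CMDLINE_FILE="${CMDLINE_FILE:-/proc/cmdline}"

# classify_retbleed TEXT
#   Maps the content of the "retbleed" sysfs entry (e.g. "Mitigation: IBRS",
#   "Vulnerable", "Not affected") to one word: not-affected, mitigated,
#   vulnerable or unknown.
classify_retbleed() {
    case "$1" in
        "Not affected")  printf 'not-affected\n' ;;
        "Mitigation: "*) printf 'mitigated\n' ;;
        "Vulnerable"*)   printf 'vulnerable\n' ;;
        *)               printf 'unknown\n' ;;
    esac
}

# cmdline_option CMDLINE NAME
#   Prints the value of kernel option NAME taken from a /proc/cmdline string
#   (an empty line for a bare flag); exit status 1 when NAME is absent.
#   Kernel options are whitespace separated, so plain word splitting is enough.
cmdline_option() {
    local cmdline name opt
    cmdline=$1
    name=$2
    for opt in $cmdline; do
        case "$opt" in
            "$name="*) printf '%s\n' "${opt#*=}"; return 0 ;;
            "$name")   printf '\n'; return 0 ;;
        esac
    done
    return 1
}

# mitigation_disabled CMDLINE
#   True when the command line carries retbleed=off, the option the article
#   gives for turning the Retbleed mitigation off.
mitigation_disabled() {
    [ "$(cmdline_option "$1" retbleed)" = off ]
}

# Live check. A kernel that predates the fix has no "retbleed" sysfs entry at
# all, so its state cannot be read there; the spectre_v2 entry is shown instead.
# Exit status: 0 mitigated or not affected, 1 vulnerable, 2 unknown.
main() {
    local cmdline raw status rc
    cmdline=$(cat "$CMDLINE_FILE" 2>/dev/null || true)
    if [ -r "$VULN_DIR/retbleed" ]; then
        raw=$(cat "$VULN_DIR/retbleed")
        status=$(classify_retbleed "$raw")
        printf 'retbleed sysfs: %s (%s)\n' "$status" "$raw"
    else
        status=unknown
        printf 'no retbleed entry under %s: the running kernel predates the fix\n' "$VULN_DIR"
        printf 'spectre_v2 sysfs: %s\n' "$(cat "$VULN_DIR/spectre_v2" 2>/dev/null || echo unavailable)"
    fi
    printf 'cmdline: spectre_v2=%s retbleed=%s\n' \
        "$(cmdline_option "$cmdline" spectre_v2 || echo '<unset>')" \
        "$(cmdline_option "$cmdline" retbleed || echo '<unset>')"
    if mitigation_disabled "$cmdline"; then
        printf 'WARNING: retbleed=off is set; the mitigation is deliberately disabled\n'
    fi
    case "$status" in
        not-affected|mitigated) rc=0 ;;
        vulnerable)             rc=1 ;;
        *)                      rc=2 ;;
    esac
    return "$rc"
}

main "$@" || printf 'retbleed check exit status: %s\n' "$?"
```

The script needs only read access to sysfs, so it can run as an unprivileged user. An "unknown" result with no retbleed entry means the running kernel predates the fix; on such a kernel the effective protection is governed by the spectre_v2 option given above. To make the options from this section persistent across reboots on RHEL 7, 8 or 9, set them with grubby (for example grubby --update-kernel=ALL --args="spectre_v2=ibrs", or grubby --update-kernel=ALL --remove-args="retbleed=off" to undo a temporary opt-out), reboot, and re-run the check.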

Root Cause

Researchers discovered that, under specific microarchitectural conditions, return instructions can be forced to be speculatively predicted in the same way as indirect branches, on both AMD and Intel processors. This matters because the retpoline mitigation for Spectre v2 works by replacing indirect branches with return instructions; if returns themselves can be mispredicted under attacker influence, systems relying on retpoline alone are exposed, which is why the mitigation above uses IBRS rather than retpoline.

Initial fixes to close this attack vector have been queued upstream. Red Hat Engineering currently has these patches in testing and will deliver them to the relevant streams.

Diagnostic Steps

For more information on affected processors and mitigations please visit:
