Retbleed - arbitrary speculative code execution with return instructions


#### ISSUE DESCRIPTION Researchers at ETH Zurich have discovered Retbleed, allowing for arbitrary speculative execution in a victim context. For more details, see: <a href="https://comsec.ethz.ch/retbleed">https://comsec.ethz.ch/retbleed</a> ETH Zurich have allocated CVE-2022-29900 for AMD and CVE-2022-29901 for Intel. Despite the similar preconditions, these are very different microarchitectural behaviours between vendors. On AMD CPUs, Retbleed is one specific instance of a more general microarchitectural behaviour called Branch Type Confusion. AMD have assigned CVE-2022-23816 (Retbleed) and CVE-2022-23825 (Branch Type Confusion). For more details, see: <a href="https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037">https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037</a> On Intel CPUs, Retbleed is not a new vulnerability; it is only applicable to software which did not follow Intel's original Spectre-v2 guidance. Intel are using the ETH Zurich allocated CVE-2022-29901. For more details, see: <a href="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html">https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html</a> <a href="https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/return-stack-buffer-underflow.html">https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/return-stack-buffer-underflow.html</a> ARM have indicated existing guidance on Spectre-v2 is sufficient. #### IMPACT An attacker might be able to infer the contents of arbitrary host memory, including memory assigned to other guests. #### VULNERABLE SYSTEMS Systems running all versions of Xen are affected. Whether a CPU is potentially vulnerable depends on its microarchitecture. Consult your hardware vendor. For ARM and Intel CPUs, Xen implemented the vendor-recommended defaults in XSA-254 and follow-on fixes. Therefore, the Xen Security Team believes there are no further changes necessary on these CPUs. Administrators who deviated from the default mitigations are potentially affected and should re-evaluate their threat model. For AMD, CPUs from the Zen2 microarchitecture and earlier are potentially vulnerable. Zen3 and later CPUs are not believed to be vulnerable. The patches for Xen implement the IBPB-at-entry mitigation. This depends on the IBPB microcode distributed by AMD in 2018 as part of the original Spectre/Meltdown work. Consult your dom0 OS vendor. In addition to IBPB, "cross thread" safety is necessary. On Zen2 CPUs, Xen uses STIBP by default. On Zen1 CPUs, SMT needs disabling either in the firmware, or by passing `smt=0` on Xen's command line. On Fam15h CPUs, Cluster Multi-Threading needs disabling in firmware. Due to performance concerns, dom0 is excluded from IBPB-on-entry protections by default. This is because PV dom0 is trusted in most deployments. If your threat model model doesn't allow for dom0 to be treated specially, boot with `spec-ctrl=ibpb-entry` which will cause IBPB-on-entry protections to be applied to dom0 too.