Xen Project XSA-434
History: Aug 08, 2023 - 3:53 p.m.

x86/AMD: Speculative Return Stack Overflow

Published: 2023-08-08 15:53:00
Source: Xen Project (xenbits.xen.org)

CVSS3: 4.7 Medium
  Attack Vector: LOCAL
  Attack Complexity: HIGH
  Privileges Required: LOW
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: NONE
  Availability Impact: NONE
  Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS2: 1 Low
  Access Vector: LOCAL
  Access Complexity: HIGH
  Authentication: SINGLE
  Confidentiality Impact: PARTIAL
  Integrity Impact: NONE
  Availability Impact: NONE
  Vector: AV:L/AC:H/Au:S/C:P/I:N/A:N

EPSS: 0.0004 Low
  Percentile: 8.9%

ISSUE DESCRIPTION

Researchers from ETH Zurich have extended their prior research (XSA-422, Branch Type Confusion, a.k.a. Retbleed) and have discovered INCEPTION, also known as RAS (Return Address Stack) Poisoning, and Speculative Return Stack Overflow (SRSO).
The RAS is updated when a CALL instruction is predicted, rather than at a later point in the pipeline. However, the RAS is still fundamentally a circular stack.
It is possible to poison the branch type and target predictions such that, at a point of the attacker's choosing, the branch predictor predicts enough CALLs back-to-back to wrap around the entire RAS and overwrite a correct return prediction with one of the attacker's choosing.
This allows the attacker to control RET speculation in a victim context, and to leak arbitrary data as a result.
For more details, see: https://comsec.ethz.ch/inception and https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-7005
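To make the wrap-around described above concrete, here is a small model of a return address stack as a circular buffer. It is an added example written for this page, not code from the Xen Project or the ETH Zurich researchers: the RAS depth of 32, the addresses VICTIM_RET and POISON_TARGET, and the function names are all constructed for the simulation. It shows the two properties the advisory relies on: entries are pushed at prediction time (so mispredicted CALLs still write into the stack), and misprediction recovery restores only the top-of-stack pointer, so once enough predicted CALLs have wrapped the buffer the victim's correct return entry has been replaced. That is why the mitigation has to flush predictor state (the IBPB on entry mentioned below) rather than anything in the architectural stack.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Modelled RAS depth. This is an assumption for the simulation; real
 * hardware depths vary by microarchitecture and are not stated in the
 * advisory. */
#define RAS_DEPTH 32

/* Constructed addresses: where the victim's RET should really go, and
 * the address that the poisoned CALL predictions push. */
#define VICTIM_RET    0x1000ULL
#define POISON_TARGET 0x4141ULL

/* A return address stack modelled as a circular buffer: pushing more
 * than RAS_DEPTH entries silently overwrites the oldest slot. */
typedef struct {
    uint64_t entry[RAS_DEPTH];
    unsigned top;   /* next slot to push into, always < RAS_DEPTH */
} ras_t;

static void ras_init(ras_t *r)
{
    memset(r, 0, sizeof(*r));
}

/* Predicted CALL: the return address is pushed at prediction time. */
static void ras_push(ras_t *r, uint64_t ret_addr)
{
    r->entry[r->top] = ret_addr;
    r->top = (r->top + 1) % RAS_DEPTH;
}

/* Predicted RET: pop the most recent entry. */
static uint64_t ras_pop(ras_t *r)
{
    r->top = (r->top + RAS_DEPTH - 1) % RAS_DEPTH;
    return r->entry[r->top];
}

/*
 * Model one poisoning episode and return the address the RET predictor
 * supplies for the victim's return:
 *  1. the victim executes a real CALL, pushing VICTIM_RET;
 *  2. the front end then mispredicts n_spec_calls CALLs back-to-back,
 *     each pushing POISON_TARGET, because the RAS is updated at
 *     prediction time;
 *  3. misprediction recovery restores the top-of-stack pointer but not
 *     the entries that were overwritten underneath it;
 *  4. the victim's RET pops, and whatever sits in that slot is used.
 */
uint64_t predicted_ret_after_poison(unsigned n_spec_calls)
{
    ras_t ras;
    ras_init(&ras);

    ras_push(&ras, VICTIM_RET);              /* step 1 */
    unsigned checkpoint = ras.top;

    for (unsigned i = 0; i < n_spec_calls; i++)
        ras_push(&ras, POISON_TARGET);       /* step 2 */

    ras.top = checkpoint;                    /* step 3 */

    return ras_pop(&ras);                    /* step 4 */
}

/* Smallest number of back-to-back predicted CALLs that evicts the
 * victim's entry in this model (returns 0 only if it never happens). */
unsigned calls_needed_to_wrap(void)
{
    for (unsigned n = 0; n <= RAS_DEPTH; n++)
        if (predicted_ret_after_poison(n) != VICTIM_RET)
            return n;
    return 0;
}

int main(void)
{
    printf("modelled RAS depth: %u\n", RAS_DEPTH);
    printf("%u predicted CALLs -> RET predicted to 0x%" PRIx64 "\n",
           RAS_DEPTH - 1, predicted_ret_after_poison(RAS_DEPTH - 1));
    printf("%u predicted CALLs -> RET predicted to 0x%" PRIx64 "\n",
           RAS_DEPTH, predicted_ret_after_poison(RAS_DEPTH));
    printf("entries needed to wrap: %u\n", calls_needed_to_wrap());
    return 0;
}
```

With the constructed depth, 31 predicted CALLs leave the victim's entry intact and the 32nd overwrites it; the number of predictions an attacker needs equals the depth of the circular stack, which is the "wrap around the entire RAS" condition in the description.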

IMPACT

An attacker might be able to infer the contents of memory belonging to other guests.

VULNERABLE SYSTEMS

Only CPUs from AMD are believed to be potentially vulnerable. CPUs from other manufacturers are not believed to be impacted.
At the time of writing, all in-support AMD CPUs (that is, the Zen1 through Zen4 microarchitectures) are believed to be potentially vulnerable. Older CPUs have not been analysed.
By default, following XSA-422, Xen mitigates BTC (Branch Type Confusion) on AMD Zen2 and older CPUs by issuing an IBPB on entry to Xen. On Zen2 and older CPUs, this is believed to be sufficient to protect against SRSO too.
AMD Zen3 and Zen4 CPUs are also susceptible to SRSO, and all versions of Xen are vulnerable on these CPUs.

CPE Name   Operator   Version
xen        eq         any
