Google Reveals a Far More Dangerous ‘Retbleed’ Exploit for AMD CPUs
Researchers at Google have unveiled an enhanced method for exploiting the Retbleed vulnerability — a flaw that enables the extraction of arbitrary data from the memory of any process on affected systems. This weakness impacts AMD processors based on the Zen and Zen 2 architectures and leverages speculative execution, a performance-boosting technology integral to modern CPUs.
The issue was first comprehensively documented by the ETH Zürich team in 2022, but the new proof-of-concept demonstrates far more dangerous capabilities. The exploitation hinges on manipulating the branch predictor and employing covert data exfiltration channels via the CPU cache, using the Flush+Reload technique. Unlike many hardware vulnerabilities, Retbleed cannot be fully mitigated through microcode updates — only resource-intensive software workarounds are available.
In their demonstration, the researchers achieved data leakage speeds of around 13 KB/s with high accuracy — sufficient for real-world attacks ranging from enumerating all active processes and virtual machines on a server to extracting highly sensitive information, including cryptographic keys. Alarmingly, the attack can be launched from isolated, unprivileged environments, such as the Chrome browser sandbox, underscoring its severity.
The method poses an especially grave threat to virtualized and cloud infrastructures. Tests confirmed that malicious code running inside a compromised virtual machine could access the host system’s memory — and even read data from other virtual machines on the same physical server. For cloud service providers hosting clients of varying trust levels on shared hardware, this creates a critical security risk.
The exploit’s authors overcame the core limitations of the earlier approach by introducing speculative Return Oriented Programming (ROP) to construct optimal “disclosure gadgets” that do not exist in standard kernel code. They also refined techniques for training the branch predictor and bypassing Kernel Address Space Layout Randomization (KASLR).
Of the available mitigations, the jmp2ret defense imposes a performance penalty of 5–6%, while the stricter Indirect Branch Prediction Barrier (IBPB) can slow certain workloads by as much as 55–60%, making it impractical for high-performance systems.
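As an added, defender-side example (not code from the Google or ETH Zürich research), the script below reads the Linux kernel's Retbleed status from sysfs and reports which of the mitigations named above is in force and whether SMT leaves sibling threads exposed. The sysfs strings and the correspondence between the kernel's "untrained return thunk" (`retbleed=unret`) and the jmp2ret return-thunk mitigation are taken from the kernel's `arch/x86/kernel/cpu/bugs.c`, not from the article; the sample status lines in the comments are constructed.

```python
"""Classify the Linux kernel's Retbleed mitigation state from sysfs.

The kernel writes one line to /sys/devices/system/cpu/vulnerabilities/retbleed,
e.g. (constructed samples matching the kernel's wording):
  "Not affected"
  "Vulnerable"
  "Mitigation: untrained return thunk; SMT enabled with STIBP protection"
  "Mitigation: IBPB; SMT disabled"
On AMD, 'untrained return thunk' is the jmp2ret-style return thunk (low cost)
and 'IBPB' the barrier-based mitigation with the much higher cost.
"""
from typing import Optional

SYSFS_PATH = "/sys/devices/system/cpu/vulnerabilities/retbleed"


def read_retbleed_status(path: str = SYSFS_PATH) -> Optional[str]:
    """Return the raw sysfs line, or None if this kernel does not expose it."""
    try:
        with open(path) as fh:
            return fh.read()
    except OSError:
        return None


def classify_retbleed(status: str) -> dict:
    """Map the kernel's status line to a structured verdict."""
    s = status.strip()
    verdict = {"raw": s, "affected": True, "mitigation": None,
               "smt_exposed": False, "action": ""}
    if s.startswith("Not affected"):
        verdict.update(affected=False, action="none")
    elif s.startswith("Mitigation:"):
        detail = s[len("Mitigation:"):].split(";")[0].strip()
        if "untrained return thunk" in detail:
            verdict["mitigation"] = "unret"      # jmp2ret-style return thunk
        elif detail == "IBPB":
            verdict["mitigation"] = "ibpb"       # barrier on context switch
        else:
            verdict["mitigation"] = detail.lower()  # IBRS / Enhanced IBRS / Stuffing
        # AMD kernels append the SMT state; only 'SMT vulnerable' is a gap.
        verdict["smt_exposed"] = "SMT vulnerable" in s
        verdict["action"] = ("disable SMT or boot with retbleed=<mode>,nosmt"
                             if verdict["smt_exposed"] else "mitigated")
    else:
        # "Vulnerable" or "Vulnerable: ..." means no effective mitigation.
        verdict["action"] = "boot with retbleed=unret or retbleed=ibpb"
    return verdict


if __name__ == "__main__":
    line = read_retbleed_status()
    print(classify_retbleed(line) if line else "retbleed status not exposed")
```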
This research illustrates that even long-known vulnerabilities can be reimagined for more destructive scenarios. Operators of systems powered by affected AMD processors — particularly within the cloud computing sector — must weigh the trade-offs between security and performance, recognizing that architectural-level attacks demand ongoing vigilance and the development of more efficient countermeasures.