Users of 32-bit Linux distributions have another reason to consider an upgrade following the news that their kernels will not be patched against the latest speculative execution attack, known as Retbleed. The attack, classified as CVE-2022-29900 and CVE-2022-29901, has led to a number of Linux patches, according to reporting from Phoronix.
A variant of Spectre, Retbleed exploits one of the mitigations against such attacks, and affects particular x86-64 (AMD Zen 1/1+/2 and Intel Core 6th through 8th Gen). It has been addressed in a 64-bit Linux kernel update (and Windows users should already have received mitigations). But the amount of work involved means that the 32-bit Linux kernel won’t be getting the same treatment.
The attack exploits retpolines, a mitigation against Spectre introduced in 2018 that’s a portmanteau word of ‘return’ and ‘trampoline’. The original attack used indirect branches in a processor’s speculative execution system to steal information from the system memory through branch mispredictions leaking data. But retpolines replaced these branches with a return that uses a never-executed infinite loop to prevent a processor from speculating on the target of an indirect jump.
These retpolines can now be bypassed by the new exploit, leading to arbitrary information leaking from a computer’s memory. While at least one proof-of-concept exploit using Retbleed has been coded, it’s unknown if the exploit is at large on the internet.
Responding to queries on the lore.kernel.org mailing list, Intel’s Pawan Gupta wrote: "Intel is not aware of production environments that use 32-bit mode on Skylake-gen CPUs. So this should not be a concern.”
His colleague Peter Zijlstra added: "Yeah, so far nobody cared to fix 32-bit. If someone *realllllly* cares and wants to put the effort in I suppose I'll review the patches, but seriously, you shouldn't be running 32-bit kernels on Skylake / Zen based systems, that's just silly."
So the message is clear: If you’re running a 32-bit Linux distro on a Skylake-vintage CPU, stop it immediately and upgrade to 64bit.