New Spectre variant SpectreRSB targets return stack buffer

Accepted submission by Anonymous Coward at 2018-07-30 14:32:30
Security

Threatpost [threatpost.com] reports:

[A] new Spectre-class exploit, dubbed SpectreRSB, was detailed by researchers from the University of California at Riverside in a research paper [arxiv.org] [PDF] on Friday. While the flaw still targets the process of speculative execution, unlike other variants, it manipulates a new part of the process called the return stack buffer.

[...]

RSB is a common “predictor structure” in CPUs used to predict return addresses during the speculative execution process. It does so by pushing the return address from a call instruction on an internal hardware stack [...]

Since the disclosure of Spectre in January, various variants have consequently been disclosed by researchers – however, these have all targeted the branch predictor unit or cache within the CPU.

[...]

Researchers said they have reported SpectreRSB to Intel, AMD and ARM [...]

The Register [theregister.co.uk] (CloudFlare-protected) also has an article about SpectreRSB.

"The microarchitecture of Intel, AMD and VIA CPUs [agner.org]" (PDF) by Agner Fog (cited by Wikipedia [wikipedia.org]) has further explanation of what a return stack buffer is:

A Last-In-First-Out buffer, called the return stack buffer, remembers the return address every time a call instruction is executed, and it uses this for predicting where the corresponding return will go. This mechanism makes sure that return instructions are correctly predicted when the same subroutine is called from several different locations. The P1 has no return stack buffer, but uses the same method for returns as for indirect jumps. Later processors have a return stack buffer. [...]
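
A toy model of the behaviour described in the Agner Fog excerpt, as an added example that is not from the submission or the cited sources: it replays constructed call/return traces through a LIFO return stack buffer and through a per-instruction last-target predictor standing in for the indirect-jump method. The 16-entry depth, the addresses, the function names and the rule that an empty buffer counts as a misprediction are assumptions of the model, not properties of any specific CPU.

```python
from collections import deque

def simulate(trace, rsb_depth=16):
    """Replay call/ret events; return (returns, rsb_hits, last_target_hits)."""
    arch_stack = []                # architectural return addresses (the real stack)
    rsb = deque(maxlen=rsb_depth)  # hardware LIFO; overflow silently drops the oldest entry
    last_target = {}               # ret PC -> last target seen (indirect-jump style predictor)
    returns = rsb_hits = lt_hits = 0
    for kind, addr in trace:
        if kind == "call":         # addr = return address pushed by the call
            arch_stack.append(addr)
            rsb.append(addr)
        else:                      # addr = PC of the ret instruction
            actual = arch_stack.pop()
            predicted = rsb.pop() if rsb else None  # assumption: empty RSB = misprediction
            rsb_hits += predicted == actual
            lt_hits += last_target.get(addr) == actual
            last_target[addr] = actual
            returns += 1
    return returns, rsb_hits, lt_hits

def shared_subroutine_trace(call_sites, rounds, ret_pc=0x9000):
    """Constructed trace: one subroutine (ret at ret_pc) called from each site in turn."""
    trace = []
    for _ in range(rounds):
        for site in call_sites:
            trace += [("call", site + 5), ("ret", ret_pc)]  # +5: constructed call length
    return trace

def nested_trace(depth, base=0x1000):
    """Constructed trace: `depth` nested calls followed by `depth` returns."""
    calls = [("call", base + 0x10 * i + 5) for i in range(depth)]
    rets = [("ret", base + 0x800 + i) for i in reversed(range(depth))]
    return calls + rets

if __name__ == "__main__":
    for name, trace in [("shared subroutine", shared_subroutine_trace([0x100, 0x200, 0x300], 4)),
                        ("20-deep nesting", nested_trace(20))]:
        n, rsb_hits, lt_hits = simulate(trace)
        print(f"{name}: {n} returns, RSB correct {rsb_hits}, last-target correct {lt_hits}")
```

In the shared-subroutine trace the LIFO predicts every return while the last-target predictor misses each time the caller changes; in the 20-deep trace the four oldest return addresses have been dropped from the 16-entry buffer, so the final four returns have no valid prediction.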

