Retbleed Vulnerability Allows Arbitrary Memory Access on Modern CPUs

Google security researchers Matteo Rizzo and Andy Nguyen have published details of a significantly improved exploit for the Retbleed CPU vulnerability that reads sensitive data out of host memory from inside sandboxed processes and virtual machines at speeds of up to 13 KB/s.

Their research, published on August 7, 2025, demonstrates how attackers can bypass modern security protections and access arbitrary physical memory from sandboxed processes and virtual machines.

Enhanced Threat Capabilities

Retbleed, originally disclosed in 2022 by ETH Zürich researchers, affects AMD's Zen, Zen+ and Zen 2 microarchitectures (the original disclosure also covered several older Intel Core generations). Google's new work focuses on the affected AMD parts, Zen and Zen 2 in particular.

The vulnerability abuses speculative execution of return instructions. On affected CPUs the prediction for a return can be served by the indirect branch predictor (the BTB) instead of the return stack buffer, and an unprivileged attacker can train that predictor from user space, so the kernel transiently executes an attacker-chosen gadget. Retpolines cover indirect jumps and calls but not returns, which is why the Spectre v2 mitigations of the time did not stop it. Google's exploit turns this into a read of arbitrary host physical memory.

Google’s enhanced version is approximately three times faster than the original exploit and works within highly restrictive sandbox environments.

The exploit achieves 100% accuracy under ideal conditions and can successfully extract cryptographic keys, process information, and sensitive data from both the host system and other virtual machines running on the same physical hardware.

Most concerning is its ability to operate from within sandboxed processes, including those protected by Chrome’s sandbox, gVisor, and other security frameworks.

Minimal Attack Requirements

The researchers demonstrated that their exploit requires access to only three common system calls: mmap, mprotect, and sched_yield.

These system calls are fundamental to most computing workloads and are typically allowed even in restrictive sandbox policies, making the attack highly practical for real-world scenarios.

The entire exploit compiles to just 4 KB of shellcode (2.3 KB when compressed), so it is small enough to be delivered as a second-stage payload once an attacker has code execution inside a sandboxed process.

The attack works by mistraining the CPU's branch predictors so that the kernel transiently executes an attacker-chosen gadget on the victim data, then recovering the leaked bytes through a cache-timing covert channel.
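The practical question for anyone running a sandbox is whether its syscall policy could even deny the three calls the exploit needs, and the honest answer for almost any workload is no. The following is an added example written for this page, not code from Google's exploit or from the article: it audits an OCI/Docker-style seccomp profile (the JSON passed to docker run --security-opt seccomp=...) for mmap, mprotect and sched_yield. The two profiles it checks are constructed for illustration, and its handling of a syscall named by several rules (report the most restrictive action) is an assumption of this audit, not a statement about libseccomp's own precedence rules.

```python
"""Audit an OCI/Docker-style seccomp profile for the three system calls the
Retbleed exploit needs: mmap, mprotect and sched_yield.

Added example for this page, not code from Google's exploit or from the
article. Profiles below are constructed for illustration.
"""
import json

RETBLEED_SYSCALLS = ("mmap", "mprotect", "sched_yield")

# Lower number = more restrictive. Used to pick the conservative answer when a
# syscall is named by more than one rule (an assumption of this audit, not a
# claim about libseccomp's precedence semantics).
_RESTRICTIVENESS = {
    "SCMP_ACT_KILL_PROCESS": 0, "SCMP_ACT_KILL_THREAD": 0, "SCMP_ACT_KILL": 0,
    "SCMP_ACT_TRAP": 1, "SCMP_ACT_ERRNO": 2, "SCMP_ACT_TRACE": 3,
    "SCMP_ACT_LOG": 4, "SCMP_ACT_ALLOW": 5,
}
_PERMITS = {"SCMP_ACT_ALLOW", "SCMP_ACT_LOG"}  # actions under which the call runs

# Constructed "tight" allowlist: default deny, a dozen calls permitted. Note
# that even this policy has to let mmap/mprotect/sched_yield through.
TIGHT_PROFILE = json.dumps({
    "defaultAction": "SCMP_ACT_ERRNO",
    "architectures": ["SCMP_ARCH_X86_64"],
    "syscalls": [
        {"names": ["read", "write", "brk", "exit", "exit_group", "rt_sigreturn",
                   "futex", "mmap", "munmap", "mprotect", "sched_yield"],
         "action": "SCMP_ACT_ALLOW"},
        {"names": ["ptrace", "perf_event_open"], "action": "SCMP_ACT_KILL"},
    ],
})

# Constructed profile that does deny the three calls; it would also break
# practically every real program, which is the article's point.
DENY_PROFILE = json.dumps({
    "defaultAction": "SCMP_ACT_ERRNO",
    "syscalls": [{"names": ["read", "write", "exit_group"],
                  "action": "SCMP_ACT_ALLOW"}],
})


def _rule_names(rule):
    """Older Docker profiles used a singular 'name' key; support both."""
    if "names" in rule:
        return list(rule["names"])
    return [rule["name"]] if "name" in rule else []


def _syscall_action(profile, name):
    """Most restrictive action of any rule naming `name`, else defaultAction.
    Rules with argument filters only allow some invocations, so the result
    is tagged '(conditional)' and needs manual review."""
    best, conditional = None, False
    for rule in profile.get("syscalls", []):
        if name not in _rule_names(rule):
            continue
        action = rule["action"]
        if best is None or _RESTRICTIVENESS.get(action, 2) < _RESTRICTIVENESS.get(best, 2):
            best, conditional = action, bool(rule.get("args"))
    action = best if best is not None else profile["defaultAction"]
    return action + (" (conditional)" if conditional else "")


def syscall_action(profile_json, name):
    """Effective action for one syscall in a JSON profile string."""
    return _syscall_action(json.loads(profile_json), name)


def audit_profile(profile_json):
    """Action for each syscall the exploit needs, plus whether all three are
    permitted unconditionally (the exploit's minimal requirement is met)."""
    profile = json.loads(profile_json)
    actions = {n: _syscall_action(profile, n) for n in RETBLEED_SYSCALLS}
    return {"actions": actions,
            "exploit_syscalls_permitted": all(a in _PERMITS for a in actions.values())}


if __name__ == "__main__":
    for label, prof in (("tight allowlist", TIGHT_PROFILE), ("deny profile", DENY_PROFILE)):
        print(label, audit_profile(prof))
```

Run it against a real profile by reading the JSON file into audit_profile; a True verdict is the expected outcome for any policy that lets ordinary user-space code run, which is why Google moved to hardware-level and VM-based isolation rather than tighter syscall filters.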

Significant Performance Impact of Mitigations

Software mitigations for Retbleed come with substantial performance penalties. Google's testing on Redis workloads measured overheads of 5-6% for the jmp2ret mitigation (the "untrained return thunk", retbleed=unret in Linux) and 55-60% for the IBPB mitigation (retbleed=ibpb).

These costly performance trade-offs have led many organizations to seek alternative protection strategies.

The vulnerability cannot be fixed through microcode updates on the affected parts; it requires kernel-level mitigations that change how returns and branch prediction are handled. jmp2ret routes every kernel return through a thunk that untrains the return predictor, while the IBPB option issues an indirect branch prediction barrier on kernel entry, flushing predictor state and paying the cost on every transition.

Industry Response and Mitigation

Google Cloud has responded by migrating workloads that execute arbitrary user code away from affected CPU models.

The company has also implemented stricter sandbox policies and upgraded to VM-based sandboxing systems that are more resistant to CPU-level vulnerabilities.

AMD addressed Retbleed in newer CPU generations: Zen 3 and later are not affected, but millions of systems running older hardware remain vulnerable.

The Linux kernel enables a mitigation by default on affected CPUs (retbleed=auto selects the untrained return thunk on AMD), though the performance impact, especially of the IBPB option, makes these mitigations unsuitable for many high-performance applications.
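Before weighing the jmp2ret and IBPB overheads quoted above, an operator wants to know which mitigation a host is actually running. The following is an added example for this page, not code from Google or from the article: it parses the kernel's /sys/devices/system/cpu/vulnerabilities/retbleed line into a structured verdict and maps it to the retbleed= command-line option and the article's Redis overhead figures. The status strings are the ones the kernel emits from arch/x86/kernel/cpu/bugs.c; the sample lines in the block are constructed, not captured from a real host.

```python
"""Classify the Linux kernel's Retbleed mitigation state.

Added example for this page, not code from Google or from the article.
Status strings follow the kernel's arch/x86/kernel/cpu/bugs.c; sample
values are constructed. Overhead figures are the Redis numbers the
article attributes to Google's testing.
"""
import re
from pathlib import Path

SYSFS_RETBLEED = Path("/sys/devices/system/cpu/vulnerabilities/retbleed")

# kernel status name -> (retbleed= option, overhead quoted in the article)
# "untrained return thunk" is the kernel's name for jmp2ret. IBRS/eIBRS are
# Intel mitigations selected via spectre_v2, not a retbleed= option.
_MITIGATIONS = {
    "untrained return thunk": ("unret", "5-6% on Redis"),
    "IBPB": ("ibpb", "55-60% on Redis"),
    "IBRS": (None, "not quoted in the article"),
    "Enhanced IBRS": (None, "not quoted in the article"),
    "Stuffing": ("stuff", "not quoted in the article"),
}


def classify_retbleed(status):
    """Parse one line of sysfs output into a structured verdict."""
    status = status.strip()
    verdict = {
        "raw": status, "affected": True, "mitigated": False,
        "mitigation": None, "kernel_option": None, "article_overhead": None,
        "smt": None,   # 'disabled', 'vulnerable' or 'enabled with STIBP protection'
        "note": None,
    }
    if status == "Not affected":
        verdict["affected"] = False
        return verdict

    # The kernel appends "; SMT <state>" when sibling threads matter.
    head, sep, smt = status.partition("; SMT ")
    if sep:
        verdict["smt"] = smt

    m = re.fullmatch(r"Mitigation: (.+)", head)
    if m:
        name = m.group(1)
        opt, overhead = _MITIGATIONS.get(name, (None, "unknown"))
        verdict.update(mitigated=True, mitigation=name, article_overhead=overhead,
                       kernel_option=f"retbleed={opt}" if opt else None)
        if verdict["smt"] == "vulnerable" and opt:
            verdict["note"] = f"sibling thread unprotected; consider retbleed={opt},nosmt"
        return verdict

    if head.startswith("Vulnerable"):
        # e.g. "Vulnerable: untrained return thunk / IBPB on non-AMD based platforms"
        verdict["note"] = head
    return verdict


def read_live_status():
    """Classify the running host, or None off Linux / on kernels without the entry."""
    if not SYSFS_RETBLEED.exists():
        return None
    return classify_retbleed(SYSFS_RETBLEED.read_text())


if __name__ == "__main__":
    samples = [  # constructed, following the kernel's formats
        "Mitigation: untrained return thunk; SMT enabled with STIBP protection",
        "Mitigation: IBPB; SMT disabled",
        "Vulnerable",
        "Not affected",
    ]
    for s in samples:
        print(classify_retbleed(s))
    live = read_live_status()
    print("this host:", live["raw"] if live else "no sysfs entry")
```

A verdict of IBPB on a latency-sensitive host is the case the article's 55-60% figure warns about; retbleed=unret (or moving the workload to a Zen 3 or later part, as Google did) is the usual response.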

The research highlights the ongoing challenge of securing systems against sophisticated CPU vulnerabilities that exploit fundamental processor optimizations designed to improve performance.


AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.
