New attack methods work against Spectre mitigations in modern PC CPUs



Facepalm: Spectre-based flaws are still causing some security issues in recent Intel and AMD CPUs. A newly developed attack can bypass protection “barriers” OEMs added to avoid personal data leakage. However, microcode and system updates should already be available for affected systems.

Six years ago, security researchers unveiled two new vulnerability categories affecting process execution and data protection on CPUs. Meltdown and Spectre made a considerable splash in generalist and tech-focused media, and the latter is still haunting CPU manufacturers with new “Spectre-class” flaws discovered now and then.

Two researchers at ETH Zurich in Switzerland have exposed a novel attack that can “break” the barriers implemented by Intel and AMD against Spectre-like flaws. The new study focuses on the indirect branch predictor barrier (IBPB), a protection introduced by manufacturers to shield their newer CPUs against Spectre v2 (CVE-2017-5715) and other hardware vulnerabilities of the same type.

The researchers first found a bug in the microcode for 12th-, 13th-, and 14th-gen Intel Core processors and 5th- and 6th-gen Xeon processors that bad actors could use to invalidate IBPB protection. Spectre flaws leak “secret” data filtered through branch prediction – a type of speculative execution used on modern processors to optimize computing processes and gain significant performance advantages.

Unfortunately, an attacker could theoretically bypass IBPB and still try to abuse Spectre to discover root passwords or other sensitive information. Furthermore, AMD Zen and Zen 2 processors have incorrect implementations of the IBPB protection, making it possible for someone to design a Spectre exploit that leaks arbitrary privileged memory contents, like root password hashes. Zen 3 processors could also be vulnerable, although the researchers only discovered a “faint” signal that wasn’t clearly exploitable.

The researchers focused on Spectre exploits working on Linux operating systems since there is no way to obtain Windows or other OS source code. The security team shared details of the security issues with AMD and Intel in June 2024. However, both companies had already discovered the flaws by that time. Chipzilla released a patched microcode in March 2024 (INTEL-SA-00982), and the researchers are now advising PC users to keep their Intel-based systems up-to-date.

Zen+ and Zen 2 system owners should also ensure they have the latest updates to the Linux kernel. AMD published a security bulletin regarding the IBPB flaw in 2022. The researchers are now working with Linux maintainers to merge their proposed software patch.
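To act on the update advice on a Linux host, the following added example (not code from the article or the researchers) reads the kernel's Spectre v2 report and the loaded microcode revision. It assumes the standard x86 Linux paths `/sys/devices/system/cpu/vulnerabilities/spectre_v2` and `/proc/cpuinfo`; the sample strings are constructed in the style of kernel output, and the function names are hypothetical.

```python
import re
from pathlib import Path

SPECTRE_V2 = Path("/sys/devices/system/cpu/vulnerabilities/spectre_v2")
CPUINFO = Path("/proc/cpuinfo")

# Constructed samples in the style of kernel output (not captured from a real host).
SAMPLE_OK = "Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling"
SAMPLE_OLD_FORMAT = "Mitigation: Full generic retpoline, IBPB: always-on, IBRS_FW"
SAMPLE_WEAK = "Mitigation: Retpolines; IBPB: disabled; IBRS_FW; STIBP: disabled"
SAMPLE_CPUINFO = "processor\t: 0\nmicrocode\t: 0x11d\nprocessor\t: 1\nmicrocode\t: 0x11d\n"

def parse_spectre_v2(line):
    """Split the one-line report into fields; older kernels separate with commas."""
    parts = [p.strip() for p in re.split(r"[;,]", line) if p.strip()]
    fields = {"status": parts[0] if parts else "unknown"}
    for part in parts[1:]:
        key, sep, value = part.partition(":")
        fields[key.strip()] = value.strip() if sep else "present"
    return fields

def microcode_revisions(cpuinfo_text):
    """Distinct microcode revisions reported across all logical CPUs."""
    return sorted(set(re.findall(r"^microcode\s*:\s*(\S+)", cpuinfo_text, re.M)))

def assess(spectre_line, cpuinfo_text):
    """Return the IBPB mode, microcode revisions and anything worth following up."""
    fields = parse_spectre_v2(spectre_line)
    ibpb = fields.get("IBPB", "not reported")
    revisions = microcode_revisions(cpuinfo_text)
    findings = []
    if fields["status"].startswith("Vulnerable"):
        findings.append("kernel reports spectre_v2 as vulnerable")
    if ibpb in ("disabled", "not reported"):
        findings.append(f"IBPB is {ibpb}")
    if len(revisions) > 1:
        findings.append("logical CPUs run different microcode revisions")
    if not revisions:
        findings.append("no microcode revision found")
    return {"ibpb": ibpb, "microcode": revisions, "findings": findings}

if __name__ == "__main__":
    if SPECTRE_V2.exists() and CPUINFO.exists():
        print(assess(SPECTRE_V2.read_text(), CPUINFO.read_text()))
    else:
        print(assess(SAMPLE_WEAK, SAMPLE_CPUINFO))  # fall back to constructed sample
```

An enabled IBPB mode in this report does not by itself show that the fixed microcode is loaded; compare the printed revision with the one listed in the vendor advisory for your CPU model.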
