A variant of the dreaded Spectre vulnerability has been discovered, and even though it’s only made it to the proof-of-concept stage, the sheer promise of its destructive power warrants swift action.
Researchers from Intel and VUSec discovered the flaw in both Intel and ARM devices, and have dubbed it Branch History Injection (BHI).
It bypasses Intel’s eIBRS and Arm’s CSV2 mitigations, enabling cross-privilege Spectre-v2 exploits, including kernel-to-kernel exploits. It also allows threat actors to inject predictor entries into the global branch prediction history, which can then be used to leak sensitive data such as passwords.
AMD hardware unaffected this time
The list of affected chips is quite extensive: all of Intel’s processors from Haswell (2013) onwards, up to Ice Lake-SP and Alder Lake, are reportedly affected, as are various ARM cores (Cortex-A15, A57, A72, Neoverse V1, N1, N2). So far, AMD chips are said to be unaffected by the flaw.
This is also still a proof-of-concept vulnerability that is already being mitigated by both affected companies, which means its use in the wild through malware should be relatively limited. Whether or not the upcoming patches will severely impact endpoint performance, as was the case with the early Spectre and Meltdown patches, remains to be seen.
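For administrators who want to see where their own Linux hosts stand, the following is an added example (not from the article or from the researchers) that reads the Spectre-v2 status the kernel exposes under sysfs and checks whether unprivileged eBPF is disabled, which is the kernel's hardening for BHI on eIBRS-only systems. It assumes a Linux host with /sys/devices/system/cpu/vulnerabilities/spectre_v2 and the kernel.unprivileged_bpf_disabled sysctl; the status strings it matches are the ones the kernel prints.

```shell
#!/bin/sh
# Added example: triage a host's Spectre-v2 / BHI posture from kernel-exported state.
# Assumes Linux; the sysfs file and sysctl below are the kernel's own interfaces.

VULN_FILE=/sys/devices/system/cpu/vulnerabilities/spectre_v2
BPF_SYSCTL=/proc/sys/kernel/unprivileged_bpf_disabled

# classify_spectre_v2 STATUS BPF_DISABLED
# Prints a verdict; returns 0 when no action is needed, 1 when hardening is missing,
# 2 when the status string is not recognised.
classify_spectre_v2() {
    _status=$1
    _bpf=$2
    case "$_status" in
        "Not affected")
            echo "OK: CPU reports not affected"; return 0 ;;
        Vulnerable*)
            # Includes the kernel's BHI-specific verdict "Vulnerable: eIBRS with unprivileged eBPF".
            echo "ACTION: kernel reports: $_status"; return 1 ;;
        Mitigation:*)
            case "$_status" in
                *Enhanced*IBRS*|*eIBRS*)
                    # eIBRS alone does not stop BHI; the kernel's guidance is to
                    # disable unprivileged eBPF (kernel.unprivileged_bpf_disabled = 1 or 2).
                    if [ "$_bpf" = "1" ] || [ "$_bpf" = "2" ]; then
                        echo "OK: $_status; unprivileged eBPF disabled"; return 0
                    fi
                    echo "ACTION: $_status, but unprivileged eBPF is enabled (BHI exposure)"
                    return 1 ;;
            esac
            # Retpoline-based mitigations are not undermined by BHI.
            echo "OK: $_status"; return 0 ;;
        *)
            echo "UNKNOWN: $_status"; return 2 ;;
    esac
}

main() {
    if [ ! -r "$VULN_FILE" ]; then
        echo "no $VULN_FILE; not Linux or kernel too old" >&2; return 2
    fi
    classify_spectre_v2 "$(cat "$VULN_FILE")" "$(cat "$BPF_SYSCTL" 2>/dev/null || echo 0)"
}

# Run the live check only when saved and executed as bhi_check.sh, so the
# function can also be sourced and exercised with constructed status strings.
case "$0" in */bhi_check.sh|bhi_check.sh) main ;; esac
```

Save it as bhi_check.sh and run it; a non-zero exit code means the host still needs the vendor or distribution update, or the eBPF sysctl change.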
Spectre and Meltdown are two extremely severe hardware vulnerabilities that affect Intel, IBM POWER, and some ARM-based processors. While Intel has since implemented hardware mitigations for the vulnerability in newer processors, older ones have to rely on software fixes that come with a performance penalty.
A detailed breakdown of the vulnerability and its exploit (which appears to be considerably more complex than its early-days predecessor) can be found at this link.
VUSec has published a YouTube video demonstrating how the flaw works, leaking a password in the process. You can find the video here.
Via: Tom's Hardware