A variant of the dreaded Spectre vulnerability has been discovered, and even though it has only reached the proof-of-concept stage, its potential for damage warrants swift action.
Researchers from Intel and VUSec discovered the flaw in both Intel and ARM devices and have dubbed it Branch History Injection (BHI).
It bypasses Intel's eIBRS and Arm's CSV2 mitigations, enabling cross-privilege Spectre-v2 exploits and kernel-to-kernel exploits. It also allows threat actors to inject predictor entries into the global branch prediction history, which can be used to leak sensitive data such as passwords.
AMD hardware unaffected this time
The list of affected chips is extensive: all of Intel's processors from Haswell (2013) onwards, up to Ice Lake-SP and Alder Lake, are reportedly affected, as are various ARM chips (Cortex A15, A57, A72, Neoverse V1, N1, N2). So far, AMD chips are said to be unaffected by the flaw.
This is also still a proof-of-concept vulnerability that is already being mitigated by both affected companies, which means its use in the wild through malware should be relatively limited. Whether the upcoming patches will severely impact endpoints' performance, as was the case with early Spectre and Meltdown patches, remains to be seen.
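Because the fix arrives as kernel and microcode updates, the practical question for an administrator is whether a given Linux host reports a Spectre v2 mitigation at all, and whether that mitigation covers BHI. The script below is an added example, not code from the article or from the researchers; it assumes the Linux kernel's sysfs reporting path /sys/devices/system/cpu/vulnerabilities/spectre_v2 and the kernel's own status strings ("Not affected", "Vulnerable", "Mitigation: ..."), including the "BHI: ..." field that newer kernels append to that string. The sample strings used to exercise it are constructed.

```shell
#!/bin/sh
# Added example (not from the article): classify the Spectre v2 status the Linux
# kernel exposes in sysfs, so a fleet check can tell "no mitigation", "mitigated but
# the kernel says nothing about BHI" and "mitigated with a BHI mitigation" apart.
# Assumptions: the sysfs path below and the kernel's status-string format, including
# the "BHI: <state>" field that kernels new enough to know about BHI append.

SPECTRE_V2_SYSFS=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# classify_spectre_v2 STRING -> prints exactly one of:
#   not-affected             kernel reports the CPU as not affected (e.g. many AMD parts)
#   vulnerable               kernel reports exposure and no active mitigation
#   mitigated-no-bhi-info    a Spectre v2 mitigation is active, but the string carries no
#                            BHI field (typically a kernel that predates BHI reporting)
#   mitigated-bhi-vulnerable a mitigation is active but the kernel flags BHI as unmitigated
#   mitigated-bhi-ok         a mitigation is active and a BHI state other than Vulnerable is reported
#   unknown                  string not recognised
classify_spectre_v2() {
    s=$1
    case "$s" in
        "Not affected"*) echo not-affected ;;
        Vulnerable*)     echo vulnerable ;;
        Mitigation:*)
            case "$s" in
                *"BHI: Vulnerable"*) echo mitigated-bhi-vulnerable ;;
                *"BHI: "*)           echo mitigated-bhi-ok ;;
                *)                   echo mitigated-no-bhi-info ;;
            esac ;;
        *) echo unknown ;;
    esac
}

# check_host reads the live sysfs entry when it is readable; otherwise reports unknown
# (non-Linux host, or a kernel built without the vulnerabilities directory).
check_host() {
    if [ -r "$SPECTRE_V2_SYSFS" ]; then
        classify_spectre_v2 "$(cat "$SPECTRE_V2_SYSFS")"
    else
        echo unknown
    fi
}

# Running the script directly prints the classification for this host.
check_host
```

Anything other than mitigated-bhi-ok or not-affected is worth a closer look: mitigated-no-bhi-info means the kernel is too old to know about BHI at all, so the eIBRS or CSV2 protection it reports is exactly the kind this variant bypasses.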
Spectre and Meltdown are two extremely severe hardware vulnerabilities that affect Intel, IBM POWER, and some ARM-based processors. While Intel has since implemented hardware mitigations for the vulnerability in newer processors, older ones have to rely on software fixes that come with a performance penalty.
A detailed breakdown of the vulnerability and its exploit (which appears to be considerably more complex than its early-days predecessor) can be found on this link.
VUSec has published a YouTube video demonstrating how the flaw works, leaking a password in the process. You can find the video here.
Via: Tom's Hardware