Intel CPUs are still vulnerable to Spectre threats


Intel CPUs are still vulnerable to Spectre attacks, despite both hardware and software mitigations, new research has claimed.

A team of scientists from the Vrije Universiteit Amsterdam, a public research university in the Netherlands, claims to have developed a new technique that allowed them to extract sensitive information, such as passwords and keys, from vulnerable Intel devices.

The technique leverages the same methods as the infamous Spectre attack, pulling data from kernel memory and other areas of RAM that should not be accessible, all by abusing a feature that predicts what the chip should do next. That predictive feature exists to make the processor faster.

Open source effort

They call the new technique InSpectre Gadget. It searches for "gadgets", short snippets of existing code that can be abused to leak data, even on devices with Spectre protections in place. In a demonstration, the researchers said they worked around the FineIBT security mechanism and pulled data from protected kernel memory.

"We show that our tool can not only uncover new (unconventionally) exploitable gadgets in the Linux kernel, but that those gadgets are sufficient to bypass all deployed Intel mitigations," the researchers explained. 

"As a demonstration, we present the first native Spectre-v2 exploit against the Linux kernel on last-generation Intel CPUs, based on the recent BHI variant and able to leak arbitrary kernel memory at 3.5 kB/sec."

The vulnerability is tracked as CVE-2024-2201 and allegedly works against all Intel CPUs.

InSpectre Gadget is an open source tool, the researchers added. "Our efforts led to the discovery of 1,511 Spectre gadgets and 2,105 so-called 'dispatch gadgets'. The latter are very useful for an attacker, as they can be used to chain gadgets and direct speculation towards a Spectre gadget."
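To make the word "gadget" in the quotes above concrete, here is an added example in C; it is not code from the researchers, from the InSpectre Gadget tool, or from the article. The first function has the shape of a classic Spectre gadget: a correct bounds check followed by a memory load indexed by untrusted data, which a mispredicted branch can execute speculatively with an out-of-bounds index. The second shows the standard software hardening, masking the index so the speculative path reads a harmless slot, using a branch-free mask modeled on the Linux kernel's generic array_index_mask_nospec() fallback. The table contents and the "secret" bytes are constructed stand-ins for kernel data. Note that the exploit described in the article is a Spectre-v2 (BHI) attack on indirect-branch prediction, so this illustrates what a gadget and its mitigation look like at the source level rather than reproducing the paper's technique.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define TABLE_SIZE 16

/* Constructed lookup table: the data the caller is allowed to read. */
static uint8_t table[TABLE_SIZE] = {
    10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
};

/* Constructed "secret" placed right after the table. It stands in for
 * kernel data that an out-of-bounds speculative read could reach. */
static uint8_t secret[8] = "s3cr3t!";

/* Gadget-shaped code. Architecturally this is correct: an out-of-bounds
 * index never reaches the load. Micro-architecturally, if the branch
 * predictor guesses "in bounds", the CPU speculatively executes the load
 * with idx >= TABLE_SIZE, pulling table[idx] (i.e. secret bytes) into the
 * cache before the misprediction is squashed. That cache state is what a
 * Spectre attack measures. */
uint8_t gadget_lookup(size_t idx)
{
    if (idx < TABLE_SIZE)
        return table[idx];
    return 0;
}

/* Branch-free mask: all ones when idx < size, zero otherwise.
 * Generic (non-asm) form modeled on the Linux kernel's
 * array_index_mask_nospec(): the top bit of (idx | (size - 1 - idx)) is set
 * only when idx >= size (both values assumed below SIZE_MAX/2); inverting
 * and arithmetic-shifting that bit spreads it across the whole word. */
size_t index_mask_nospec(size_t idx, size_t size)
{
    return (size_t)(~(intptr_t)(idx | (size - 1 - idx))
                    >> (sizeof(size_t) * 8 - 1));
}

/* Hardened form. The bounds check is unchanged, but the index is masked
 * without a branch, so even on a mispredicted path the load hits table[0]
 * instead of memory beyond the table. Architectural results are identical
 * to gadget_lookup() for every input. */
uint8_t hardened_lookup(size_t idx)
{
    if (idx < TABLE_SIZE) {
        idx &= index_mask_nospec(idx, TABLE_SIZE); /* 0 on the speculative path */
        return table[idx];
    }
    return 0;
}

/* Sanity check used by the demo: the mitigation must not change what
 * in-bounds callers observe. Returns 1 when both versions agree. */
int lookups_agree(void)
{
    for (size_t i = 0; i < TABLE_SIZE + 8; i++) {
        if (gadget_lookup(i) != hardened_lookup(i))
            return 0;
    }
    return 1;
}

int main(void)
{
    printf("mask(3, 16)  = 0x%zx\n", index_mask_nospec(3, TABLE_SIZE));
    printf("mask(16, 16) = 0x%zx\n", index_mask_nospec(16, TABLE_SIZE));
    printf("mask(99, 16) = 0x%zx\n", index_mask_nospec(99, TABLE_SIZE));
    printf("lookups agree: %s\n", lookups_agree() ? "yes" : "no");
    printf("secret lives at table + %td\n", (ptrdiff_t)(secret - table));
    return 0;
}
```

The point a reviewer should take from this: gadget_lookup() passes every functional test, so testing cannot find it. Tools like the one described in the article exist precisely because these patterns have to be found by analysing code paths where an untrusted index feeds a load, and the fix is structural (masking, or a speculation barrier such as lfence on x86) rather than a logic change.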

Spectre is a critical vulnerability discovered back in 2018, together with the Meltdown flaw. The two showed that a mechanism which makes modern CPUs faster was leaking sensitive data, and the mitigations that followed also slowed some devices down.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
