Published in News

Spectre is back from the dead

by on10 March 2022

Harder to kill than Dracula

The embarrassing defect in Intel CPUs Spectre appears to have made a comeback.

It appears that someone has managed to gather a ring belonging to idiot that created the flaw, chanted over a grave at midnight and rebuilt the whole crisis again from the dust of its corpse.

Security research group VUSec and Intel confirmed the existence of a new speculative execution vulnerability labeled branch history injection (BHI).

Classified as a by-product of Spectre V2, BHI is a proof-of-concept exploit capable of leaking arbitrary kernel memory on Intel CPUs. As a result, sensitive data such as passwords can be extracted. Intel processors released in the past few years, which includes its latest 12th-generation Alder Lake processors, are said to be affected.

Some ARM silicon is vulnerable to the exploit, although AMD CPUs seem to remain immune to potential BHI attacks.

Phoronix however said that the LFENCE-based mitigation is deemed no longer sufficient for mitigating Spectre V2 attacks. Now the Linux kernel will use return trampolines “retpolines” by default on all AMD processors.

“Various AMD CPUs have already defaulted to using Retpolines for Spectre V2 mitigations, while now it will be the default across the board for AMD processors,” the magazine wrote.

Vusec provided further insight into how the exploit can find its way through mitigations that are already in place.

While hardware mitigations prevent an attacker from injecting predictor entries for the kernel, they can still make use of a global history in order to select target entries to speculatively execute. “And the attacker can poison this history from Userland to force the kernel to mispredict to more “interesting” kernel targets that leak data,” the report added.

Intel has published a list of CPUs affected by the exploit, confirming that several generations of chips ranging back to 2013 (Haswell) can be infiltrated, including Coffee Lake, Tiger Lake, Ice Lake, and Alder Lake. Ice Lake servers were also mentioned on the list.

Chips from ARM, including Neoverse N2, N1, V1, Cortex A15, A57, and A72, have all been found to be impacted as well. Depending on the system on a chip, the chip designer is issuing five different mitigations.

Intel is expected to release a software patch to address the new Spectre-based BHI exploit.  A spokesIntel said that the new attack, as demonstrated by researchers, was previously mitigated by default in most Linux distributions.

“The Linux community has implemented Intel’s recommendations starting in Linux kernel version 5.16 and is in the process of backporting the mitigation to earlier versions of the Linux kernel.”


Last modified on 10 March 2022
Rate this item
(2 votes)

Read more about: