Published in News

Spectre's spooky sequel haunts Linux

by on15 April 2024

Intel’s Ghost in the Machine returns

Tech boffins are quaking in their boots as the ghost of Spectre returns to haunt Linux systems.

According to Bleeping Computer researchers at VUSec have cracked open a chilling new chapter with the "first native Spectre v2 exploit," sending shivers down the spines of many modern Intel processors.

This spectral spectre is a sneaky variant of the original cyber-ghoul, and it's got the tech world in a tizzy. The brainy bunch from VU Amsterdam have even whipped up a nifty tool that sniffs out the Linux kernel's weak spots, all in the name of keeping the digital demons at bay.

This tech terror tale highlights the head-scratching challenge of juggling zippy performance with iron-clad security. It's been six years since Spectre first reared its ugly head, and the industry is still playing catch-up

The plot thickens with speculative execution, a trick where processors play a guessing game with instructions, leading to a potential performance boost. If the guess is wrong, it's back to square one without skipping a beat.

This is a gaping door for data-dabbling devils to swipe privileged info like passwords, encryption keys, and all sorts of top-secret tidbits.

There are two dastardly attack methods: Branch Target Injection (BTI) and Branch History Injection (BHI). This digital dark arts mess with the CPU's crystal ball, leading to unauthorised code paths and data leaks.

Intel's already slapped CVE-2022-0001 and CVE-2022-0002 on BTI and BHI, but now CVE-2024-2201 is the new kid on the block, targeting the Linux kernel.

The CERT Coordination Center dropped the bombshell that this fresh flaw lets sneaky attackers read memory data by outsmarting security measures meant to keep privilege levels separate.

The VUSec squad's 'InSpectre Gadget' tool is on the case, hunting down those exploitable gadgets that are still lurking in the Linux kernel.

Meanwhile, Microsoft's dishing out new guidance to fend off CVE-2024-2201, but they're keeping the training wheels on for now, letting users and admins test the waters on performance.

The Linux world is on red alert, with Illumos, Linux Foundation, Red Hat, SUSE Linux, Triton Data Center, and Xen all scrambling to shore up defences.

Intel is not sitting this dance out, either. They advise disabling unprivileged eBPF, switching on eIBRS and SMEP, and sprinkle in some LFENCE magic to keep the spectre at bay.

Last modified on 15 April 2024
Rate this item
(3 votes)