The Spectre flaw is back – and Intel’s Alder Lake isn’t safe

Intel processors have been subject to several significant security vulnerabilities in recent years, namely Meltdown and Spectre. Today, the latter has appeared again.

As reported by Tom’s Hardware and Phoronix, the security research group VUSec and Intel have confirmed the existence of a new speculative execution vulnerability called Branch History Injection (BHI).

Classified as a by-product of Spectre V2, BHI has been demonstrated with a proof-of-concept exploit capable of leaking arbitrary kernel memory on Intel processors. As a result, sensitive data such as passwords can be extracted. Intel processors released in recent years, including its latest 12th generation Alder Lake processors, are affected.

Some ARM silicon has also been found to be vulnerable to the exploit. When it comes to AMD processors, security researchers initially found that they remain immune to potential BHI attacks. However, some developments in this area seem to suggest otherwise.

“LFENCE-based mitigation is no longer considered sufficient to mitigate Spectre V2 attacks. Going forward, the Linux kernel will use ‘retpolines’ (return trampolines) by default on all AMD processors,” Phoronix explained. “Various AMD processors have already defaulted to Retpolines for Spectre V2 mitigations, whereas now it will be the default for all AMD processors.”

VUSec provided additional insight into how the exploit finds its way past the mitigations already in place. Although hardware mitigations prevent an attacker from injecting predictor inputs for the kernel, an attacker can still use the global branch history to select which targets run speculatively. “And the attacker can poison this userland history to force the kernel to incorrectly predict more ‘interesting’ kernel targets (i.e. gadgets) that leak data,” the report adds.

Intel has published a list of processors affected by the exploit, confirming that multiple generations of chips dating back to 2013 (Haswell) are affected, including Coffee Lake, Tiger Lake, Ice Lake, and Alder Lake. Ice Lake servers were also on the list.

ARM chips including Neoverse N2, N1, V1, Cortex A15, A57 and A72 were also found to be affected. Depending on the system on a chip, the chip designer has issued five different mitigations.

Intel is expected to release a software patch to resolve the new Spectre-based BHI exploit. In the meantime, the chipmaker provided Phoronix with a statement on BHI regarding its impact on Linux systems:

“The attack, as demonstrated by the researchers, was previously mitigated by default in most Linux distributions. The Linux community has implemented Intel’s recommendations starting with Linux kernel version 5.16 and is in the process of backporting the mitigation to earlier versions of the Linux kernel.”
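To turn the points above into a check a defender can run, here is an added example (not code from the article, Intel, VUSec or Phoronix): a POSIX shell audit that reads the Spectre v2 status Linux exposes in sysfs, classifies it along the lines drawn above (LFENCE-only no longer sufficient; retpoline or eIBRS present), and compares the running kernel against the 5.16 threshold from Intel’s statement. The function names and the status-string patterns are my own assumptions, representative of the kernel’s wording rather than an exhaustive list.

```shell
#!/bin/sh
# Added example: audit the Spectre v2 status a Linux kernel reports in sysfs
# and check the kernel release against the 5.16 threshold. Pattern wording
# is representative of the kernel's own status strings, not an exhaustive list.

# Map one line of /sys/devices/system/cpu/vulnerabilities/spectre_v2 to a verdict.
classify_spectre_v2() {
    case "$1" in
        "Not affected"*)   echo not-affected ;;
        Vulnerable*)       echo vulnerable ;;    # e.g. "Vulnerable: LFENCE" on newer kernels
        *etpoline*)        echo retpoline ;;     # "Full generic retpoline" / "Full AMD retpoline"
        *"Enhanced IBRS"*) echo eibrs ;;         # hardware mitigation; history poisoning still needs kernel-side fixes
        *LFENCE*)          echo insufficient ;;  # LFENCE alone no longer counts as a Spectre v2 mitigation
        *)                 echo unknown ;;
    esac
}

# Succeed when kernel release $1 (e.g. 5.15.0-25-generic) is at least major.minor $2 (e.g. 5.16).
kernel_at_least() {
    want_major=${2%%.*}; want_minor=${2#*.}
    have_major=${1%%.*}; rest=${1#*.}; have_minor=${rest%%[!0-9]*}
    [ "$have_major" -gt "$want_major" ] ||
        { [ "$have_major" -eq "$want_major" ] && [ "$have_minor" -ge "$want_minor" ]; }
}

# Report on the running system when sysfs is available (silently skipped elsewhere).
SYSFS=/sys/devices/system/cpu/vulnerabilities/spectre_v2
if [ -r "$SYSFS" ]; then
    status=$(cat "$SYSFS")
    echo "spectre_v2: $status -> $(classify_spectre_v2 "$status")"
    if kernel_at_least "$(uname -r)" 5.16; then
        echo "kernel $(uname -r): at or above 5.16"
    else
        echo "kernel $(uname -r): below 5.16, confirm your distribution backported the mitigation"
    fi
fi
```

A verdict of `insufficient` or `vulnerable` on an AMD system is the case Phoronix describes, where the LFENCE-only setting should give way to retpolines.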

When Spectre and Meltdown were originally disclosed as CPU vulnerabilities in 2018, lawsuits began to be filed against Intel, alleging the company knew about the flaws but kept them quiet while continuing to sell the silicon in question. As highlighted by Tom’s Hardware, as of mid-February 2018 a total of 32 lawsuits had been filed against Team Blue.

Intel recently introduced an extension of its existing Bug Bounty program with Project Circuit Breaker, an initiative to recruit “elite hackers”. Finding bugs in firmware, hypervisors, GPUs, chipsets and other areas could result in a financial windfall for participants, with payouts potentially reaching the six-figure range.

About Jon Moses
