VUSec security experts, together with Intel, have reported a new Spectre-class vulnerability in the speculative execution of instructions by processor cores. Notably, the new Intel Alder Lake processors and some Arm cores are also vulnerable, even though plenty of patches against Spectre and its variants, both software and hardware, have been created over the years. And here is a new gap in the old place.
Let's say right away that the attack method and the proposed exploit were created in the lab; this is only a proof of concept. Nothing of the kind has been seen in the wild, or at least no attacks using the new hole have been reported.
The new vulnerability is called Branch History Injection (BHI). According to Phoronix, the new exploit bypasses Intel's eIBRS and Arm's CSV2 mitigations. BHI again enables cross-privilege Spectre-v2 exploits: it opens the way to kernel-to-kernel exploitation (so-called intra-mode BTI) and lets an attacker inject entries into the global branch history so that the predictor leaks kernel data. Thus, arbitrary kernel memory can be read, exposing confidential data such as passwords.
The vulnerability affects all Intel processors from Haswell (released in 2013) up to the latest Ice Lake-SP and Alder Lake. A complete list of affected processors can be found at this link. Meanwhile, the company is preparing a software patch that will fix the problem; what this will mean for processor performance, no one can say today. Intel has assigned the BHI vulnerability the official identifiers CVE-2022-0001 and CVE-2022-0002.
Many Arm cores are also affected, in particular Cortex-A15, A57 and A72, as well as Neoverse V1, N1 and N2. Arm is expected to release software to fix the vulnerability, but it is still unclear whether it affects processors built by Arm licensees such as Qualcomm, and Arm has not yet given a timeline for the patches. The Arm vulnerability identifier is CVE-2022-23960.
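A defender-side check, added here as an example and not part of the article: on Linux the kernel reports its Spectre-v2 mitigation state in /sys/devices/system/cpu/vulnerabilities/spectre_v2, and the POSIX shell function below classifies that line, flagging the situation the article describes (eIBRS enabled but no BHI mitigation reported). The exact status tokens, in particular the "BHI:" field that newer kernels append, are assumed from recent kernel output and should be checked against your own kernel version.

```shell
#!/bin/sh
# Added example (not from the article): classify a Linux spectre_v2 status line.
# The kernel exposes the mitigation state in this sysfs file (real path):
SPECTRE_V2_SYSFS=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# bhi_status "STATUS_LINE" prints one of:
#   vulnerable            the kernel reports no Spectre-v2 mitigation at all
#   eibrs-bhi-unmitigated eIBRS/Automatic IBRS in use, but no BHI mitigation
#                         reported (or "BHI: Vulnerable"): the case BHI targets
#   eibrs-bhi-mitigated   eIBRS/Automatic IBRS plus a reported BHI mitigation
#   other                 retpolines or some other/unknown mitigation
# Token formats ("Enhanced ... IBRS", "BHI: ...") are assumed from recent kernels.
bhi_status() {
    line=$1
    case $line in
        Vulnerable*) echo vulnerable; return 0 ;;
    esac
    eibrs=0
    case $line in
        *Enhanced*IBRS*|*"Automatic IBRS"*) eibrs=1 ;;
    esac
    if [ "$eibrs" -eq 0 ]; then
        echo other; return 0
    fi
    case $line in
        *"BHI: Vulnerable"*) echo eibrs-bhi-unmitigated ;;  # kernel says BHI still open
        *"BHI: "*)           echo eibrs-bhi-mitigated ;;    # some BHI mitigation listed
        *)                   echo eibrs-bhi-unmitigated ;;  # older kernel: no BHI field
    esac
}

# When run directly, read the live sysfs file if present.
if [ -r "$SPECTRE_V2_SYSFS" ] && [ "${1:-}" != "--no-live" ]; then
    live=$(cat "$SPECTRE_V2_SYSFS")
    echo "spectre_v2: $live"
    echo "assessment: $(bhi_status "$live")"
fi
```

Run it on a host to see the live assessment; pass `--no-live` to only load the function for use in other scripts.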
AMD processors, according to the researchers, are not affected by this vulnerability.