New Intel CPU Flaw Bypasses Spectre v2 Defenses to Leak Kernel Memory
a year ago
- #spectre-v2
- #cybersecurity
- #intel-cpu
- Researchers from ETH Zurich discovered a new class of vulnerabilities called 'Branch Privilege Injection' (BPI) affecting all modern Intel CPUs.
- BPI exploits race conditions in branch predictor updates, allowing attackers to leak sensitive kernel data even on fully patched systems.
- The flaw undermines key hardware defenses against Spectre v2, such as eIBRS, AutoIBRS, and BHI_DIS_S.
- Three variants of Branch Predictor Race Conditions (BPRC) were identified: BPRC_U→K, BPRC_G→H, and BPRC_IBPB.
- A proof-of-concept exploit was developed to leak root password hashes from Linux systems with high accuracy and speed.
- The vulnerability affects Intel CPUs supporting eIBRS, including Alder Lake, Raptor Lake, and older Skylake processors.
- Intel acknowledged the issue (CVE-2024-45332) and developed a microcode update with minimal performance impact.
- Recommended mitigations include using Retpolines with RRSBA_DIS_S or disabling indirect branch prediction in supervisor mode.
- Users are urged to apply Intel's firmware updates for a robust fix.
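As an added check that is not part of the article: a POSIX shell script that reads the Linux kernel's Spectre v2 status line and reports whether a host relies on the eIBRS/BHI_DIS_S hardware defenses the article says BPI bypasses, or on the retpoline alternative it recommends. The sysfs path and status-line format are the kernel's own; the sample lines used in testing are constructed to match that format, and the article gives no microcode revision number, so the reported revision must be compared with Intel's guidance separately.

```shell
#!/bin/sh
# Added example (not from the article): classify the Spectre v2 mitigation the
# Linux kernel reports so a defender can see whether a host depends on eIBRS
# and BHI_DIS_S (bypassed by BPI without new microcode) or on retpolines.
SPECTRE_V2_SYSFS=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# spectre_v2_class STATUS_LINE -> eibrs | retpoline | vulnerable | other
spectre_v2_class() {
    case "$1" in
        "Mitigation: Enhanced / Automatic IBRS"*|"Mitigation: Enhanced IBRS"*) echo eibrs ;;
        "Mitigation: Retpolines"*) echo retpoline ;;
        "Vulnerable"*) echo vulnerable ;;
        *) echo other ;;
    esac
}

# has_bhi_dis_s STATUS_LINE -> exit 0 if the BHI_DIS_S hardware control is reported
has_bhi_dis_s() {
    case "$1" in
        *"BHI: BHI_DIS_S"*) return 0 ;;
        *) return 1 ;;
    esac
}

# assess STATUS_LINE -> one-line verdict. eIBRS and BHI_DIS_S are exactly the
# defenses BPI bypasses, so a host relying on them needs the microcode update.
assess() {
    cls=$(spectre_v2_class "$1")
    case "$cls" in
        eibrs)
            if has_bhi_dis_s "$1"; then
                echo "eibrs+bhi_dis_s: hardware-only defenses; apply CVE-2024-45332 microcode"
            else
                echo "eibrs: hardware-only defense; apply CVE-2024-45332 microcode"
            fi ;;
        retpoline) echo "retpoline: software mitigation in use (pair with RRSBA_DIS_S per the article)" ;;
        vulnerable) echo "vulnerable: no Spectre v2 mitigation active" ;;
        *) echo "other: $1" ;;
    esac
}

# Live report when run on a Linux host; silently skipped elsewhere.
if [ -r "$SPECTRE_V2_SYSFS" ]; then
    assess "$(cat "$SPECTRE_V2_SYSFS")"
    # Microcode revision as the kernel prints it; compare with Intel's guidance.
    printf 'microcode revision: %s\n' "$(sed -n 's/^microcode[[:space:]]*: //p' /proc/cpuinfo | head -n 1)"
fi
```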