Meltdown and Spectre are vulnerabilities in modern computers that can be used to leak passwords and other sensitive data. Both exploit critical flaws in how modern processors execute instructions out of order and speculatively. These hardware vulnerabilities allow a program to read data that other programs, or the operating system kernel, are processing on the same machine.
The vulnerabilities were found in 2017 by several research teams but were kept secret to give CPU and software makers time to develop fixes. Details of Meltdown and Spectre leaked to the public at the beginning of January 2018, some weeks before the planned publication date.
I was active in reporting on those vulnerabilities when they came out. I wrote the news article Suorittimissa tietoturvaongelmia – myös ARM-suorittimissa for the Uusiteknologia.fi magazine in Finnish (believed to be the first news on this topic in the Finnish language published in a magazine/newspaper). I also immediately wrote a post to this blog: ‘Kernel memory leaking’ Intel processor design flaw.
Several years have passed, and the original Meltdown and Spectre issues have been largely fixed. When Spectre was found, the most dangerous variant was called Spectre v2 or Spectre BTI (Branch Target Injection): an attacker trains the shared branch predictor so that a victim's indirect branch speculatively jumps to an attacker-chosen target. Affected CPU makers, such as Intel and Arm, have since developed hardware mitigations to prevent this type of exploit. Processor makers changed the hardware, operating systems changed how they handle certain operations, and even application software was updated to work more safely on a somewhat unsafe processor (for example, web browsers reduced timer precision and isolated sites into separate processes).
Since the disclosure of Spectre and Meltdown in January 2018, researchers have continued looking into the security of processors and have found several other side-channel attack methods. New but similar issues have surfaced over the years, but none of them has been nearly as big a deal as the original findings.
Now it seems that the Spectre vulnerability has made quite a strong comeback: Spectre V2 vulnerability strikes again in Intel Alder Lake & Arm CPUs. Branch History Injection (BHI), a new flavor of the Spectre-v2 vulnerability that affects both new and old Intel processors and specific Arm models, recently came to light. “The mitigations [implemented by Intel and Arm] work as intended, but the residual attack surface is much more significant than vendors originally assumed,” the researchers explained.
A team of researchers from the Vrije Universiteit Amsterdam in the Netherlands has demonstrated a new Spectre attack variant that can bypass the hardware mitigations implemented in recent years by Intel and Arm. VU Amsterdam researchers this week disclosed the details of what they describe as an “extension of Spectre v2.” The new variant, called Branch History Injection (BHI) by Intel and Spectre-BHB by Arm, bypasses those hardware mitigations. A slightly different variant uncovered by the same researchers is called Intra-mode BTI (IMBTI). They described the result as a “neat end-to-end exploit leaking arbitrary kernel memory on modern Intel CPUs.”
They have also released a video showing the exploit in action.
The VUSec security research group and Intel have revealed another Spectre-class speculative execution vulnerability called Branch History Injection, or BHI. It impacts all Intel processors released in the last several years and specific Arm cores; the affected Intel parts include the most recent 12th Gen Core Alder Lake CPUs. BHI is a proof-of-concept attack against CPUs that are open to Spectre V2 exploits and rely on the hardware mitigations (Intel eIBRS, Arm CSV2) to stop them.
VUSec reports that BHI enables cross-privilege Spectre-v2 exploits. The hardware mitigations stop an unprivileged attacker from injecting branch targets into the kernel's predictions, but the global branch history that selects among a branch's predicted targets is still shared across privilege levels. An attacker in user space can therefore train that history and steer an indirect branch in the kernel to mispredict to one of the kernel's own code locations (kernel-to-kernel, or intra-mode BTI), which speculatively executes a gadget that leaks data. The result leaks arbitrary kernel memory on affected CPUs and could reveal hidden data such as passwords.
Surprisingly, AMD chips have shown no effect from this vulnerability at this time: AMD processors do not appear to be affected by Spectre-BHB. AMD has, however, a separate speculation issue of its own, described below.
Security researchers have found new ways to bypass the existing hardware-based defenses for speculative execution in modern processors from Intel, AMD, and Arm. Today, the three CPU manufacturers published advisories accompanied by mitigation updates and security recommendations for recently discovered issues that allow leaking of sensitive information despite isolation-based protections.
Intel reports that its processors from Haswell (introduced in 2013) up to the recent Ice Lake-SP and 12th Gen Core Alder Lake CPUs are affected. Intel has published an advisory and a technical document describing the new vulnerabilities, which the chipmaker tracks as CVE-2022-0001 (BHI) and CVE-2022-0002 (intra-mode BTI). The flaws have been assigned a severity rating of “medium.” Intel will release a security patch to mitigate the exploit.
Arm cores such as the Cortex-A15, A57, A72 and Neoverse V1, N1 and N2 are reported to be affected. The company will also introduce five mitigations for its affected core series. It is currently unknown whether custom cores built on Arm’s technology, such as those from Qualcomm, are affected by the new exploit.
Researchers at grsecurity this week disclosed the details of a vulnerability affecting AMD CPUs. The issue, tracked as CVE-2021-26341, is related to speculative behavior of branch instructions, and it can result in data leakage. AMD has published an advisory for CVE-2021-26341, as well as a white paper detailing software techniques for managing speculation on its processors.
Client and server machines should not be affected as long as they have the needed patches installed.
Security researchers advise disabling unprivileged eBPF support as an additional precaution against the attack. The researchers' proof-of-concept uses unprivileged eBPF to get attacker-chosen code executed inside the kernel, so turning it off removes the easiest path to a disclosure gadget, even though it does not close the underlying hardware issue.
Linux systems have received mitigations for Spectre-BHB / BHI on Intel and Arm-based systems, and extra security measures were added for AMD systems that could potentially be affected. The Linux community has implemented Intel’s recommendations starting in Linux kernel version 5.16 and is in the process of backporting the mitigation to earlier kernel versions.
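To turn the two recommendations above into something you can run on a Linux host, here is an added example (it is not code from the original post, nor from VUSec, Intel or Arm). It classifies the value of the real kernel.unprivileged_bpf_disabled sysctl and the status line the kernel exposes in /sys/devices/system/cpu/vulnerabilities/spectre_v2, and flags a host that still allows unprivileged eBPF or whose kernel reports itself vulnerable. The function names, the verdict words and the sample status lines passed in are this example's own; the hardening function needs root.

```shell
#!/bin/sh
# Added example: assess a Linux host against the BHI recommendations.
# Real interfaces used: /proc/sys/kernel/unprivileged_bpf_disabled and
# /sys/devices/system/cpu/vulnerabilities/spectre_v2. Everything else
# (function names, verdict words) is this example's own convention.

# bpf_state VALUE -> enabled | disabled-sticky | disabled | unknown
# VALUE is the content of kernel.unprivileged_bpf_disabled:
#   0 = unprivileged bpf() allowed,
#   1 = disabled until reboot (writing 0 back is rejected),
#   2 = disabled, but root may re-enable it by writing 0.
bpf_state() {
    case "$1" in
        0) echo enabled ;;
        1) echo disabled-sticky ;;
        2) echo disabled ;;
        *) echo unknown ;;
    esac
}

# spectre_v2_state "STATUS LINE" -> mitigated | vulnerable | not-affected | unknown
# STATUS LINE is the spectre_v2 sysfs file, e.g. (constructed samples)
#   "Mitigation: Retpolines, IBPB: conditional"
#   "Vulnerable: eIBRS with unprivileged eBPF"
spectre_v2_state() {
    case "$1" in
        "Not affected") echo not-affected ;;
        Mitigation:*)   echo mitigated ;;
        Vulnerable*)    echo vulnerable ;;
        *)              echo unknown ;;
    esac
}

# assess_bhi BPF_VALUE "STATUS LINE": prints findings, returns 0 only when
# unprivileged eBPF is off AND the kernel reports a mitigation.
assess_bhi() {
    assess_rc=0
    assess_bpf=$(bpf_state "$1")
    assess_v2=$(spectre_v2_state "$2")
    echo "unprivileged eBPF: $assess_bpf"
    echo "spectre_v2: $assess_v2 ($2)"
    [ "$assess_bpf" = disabled ] || [ "$assess_bpf" = disabled-sticky ] || assess_rc=1
    [ "$assess_v2" = mitigated ] || [ "$assess_v2" = not-affected ] || assess_rc=1
    return $assess_rc
}

# harden_unprivileged_bpf: apply the researchers' advice now and persist it.
# Requires root; value 1 cannot be undone without a reboot.
harden_unprivileged_bpf() {
    sysctl -w kernel.unprivileged_bpf_disabled=1 &&
    printf 'kernel.unprivileged_bpf_disabled = 1\n' > /etc/sysctl.d/90-bhi.conf
}

# check_live_host: read the real files; returns 2 where they are absent.
check_live_host() {
    v2_file=/sys/devices/system/cpu/vulnerabilities/spectre_v2
    bpf_file=/proc/sys/kernel/unprivileged_bpf_disabled
    if [ -r "$v2_file" ] && [ -r "$bpf_file" ]; then
        assess_bhi "$(cat "$bpf_file")" "$(cat "$v2_file")"
    else
        echo "no kernel vulnerability interface found (not Linux, or no /sys)"
        return 2
    fi
}

if check_live_host; then
    echo "verdict: OK"
else
    echo "verdict: ACTION NEEDED (run harden_unprivileged_bpf as root and update the kernel)"
fi
```

On a patched kernel the spectre_v2 line names the active mitigation; on an Intel system running with eIBRS and unprivileged eBPF still enabled, recent kernels instead print a "Vulnerable: eIBRS with unprivileged eBPF" line, which the checker flags. Note that disabling unprivileged eBPF only removes the convenient in-kernel gadget; the kernel update is what addresses the branch-history issue itself.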
The article Intel CPUs Suffer Performance Hit From New Spectre-v2 Mitigations reports that testing by the Linux publication Phoronix shows the new BHI mitigations can impose severe performance penalties of up to 35%.
AMD's fix appears to cost less: AMD CPUs See Less Than 10% Performance Drop From Revised Spectre-v2 Mitigations
Sources and links to more material:
Spectre V2 vulnerability strikes again in Intel Alder Lake & Arm CPUs, AMD chips unharmed
New Variant of Spectre Attack Bypasses Intel and Arm Hardware Mitigations
Arm has published an advisory, as well as an FAQ, a knowledge base article, and a paper describing the vulnerability and mitigations. Arm tracks the Spectre-BHB vulnerability as CVE-2022-23960.
Intel, AMD, Arm warn of new speculative execution CPU bugs
The AMD Branch (Mis)predictor Part 2: Where No CPU has Gone Before (CVE-2021-26341)
Intel CPUs Suffer Performance Hit From New Spectre-v2 Mitigations
AMD CPUs See Less Than 10% Performance Drop From Revised Spectre-v2 Mitigations