Researchers discover flaws in speculative execution defenses that can leave Intel and AMD processors vulnerable despite previous mitigations. Enterprises are urged to implement immediate patches.
Researchers from ETH Zurich have discovered new vulnerabilities in Intel and AMD processors, six years after the Spectre security flaws were first identified.
The new Spectre variant, named “Post-Barrier Spectre,” allows attackers to bypass critical security barriers and access sensitive information, such as hashed passwords, despite earlier mitigations designed to prevent such attacks.
The research, conducted by Johannes Wikner and Kaveh Razavi of ETH Zurich, points out weaknesses in the Indirect Branch Predictor Barrier (IBPB), a defense mechanism introduced to protect against Spectre v2 attacks. An IBPB is meant to stop indirect-branch predictions trained before the barrier from influencing code that runs after it, which is what makes it safe to switch between untrusted and trusted contexts. Despite Intel and AMD’s efforts to fix previous vulnerabilities, the researchers were able to bypass IBPB and retrieve sensitive data, such as “the hash of the root password from a suid process” on recent Intel chips.
“Despite many years of mitigations after the original Spectre attacks, new variants continue to appear,” the researcher duo wrote in the paper “Breaking the barrier: Post barrier Spectre attacks.”
Spectre’s continued threat
Spectre refers to a class of flaws in modern processors that abuse speculative execution, a performance feature in which the processor predicts which instructions will execute next (for example, the target of a branch) and executes them in advance.
While this speeds up processing, mispredicted work is only rolled back at the architectural level. If an attacker can steer a prediction so that the processor speculatively reads memory it should not touch, such as an out-of-bounds location or data belonging to a more privileged context, the access still leaves traces in the cache that a timing side channel can recover, exposing confidential information like passwords or encryption keys.
The Spectre vulnerability, first disclosed in 2018, continues to be a challenge for hardware manufacturers and software developers alike. While Intel and AMD have made efforts to address the issue, the discovery of new attack methods demonstrates that these patches are not foolproof.
Spectre attacks remain a significant concern because they exploit the core architecture of modern processors, and fully eliminating the risk may require more comprehensive hardware redesigns.
“By forcing processors to make incorrect predictions, attackers can gain access to sensitive data stored in memory,” the researchers noted in the paper.
Wikner and Razavi’s research found that even after an IBPB has been issued, affected Intel processors can still reuse branch predictions trained before the barrier, which is precisely what the barrier exists to prevent, leading to security leaks.
“We found a microcode bug in recent Intel microarchitectures, like Golden Cove and Raptor Cove, which retains branch predictions that should have been invalidated by the IBPB,” the researchers noted. “Such post-barrier speculation allows an attacker to bypass security boundaries imposed by process contexts and virtual machines.”
The duo found that this flaw affects several Intel processors, including 12th, 13th, and 14th generation Intel Core processors and 5th and 6th generation Intel Xeon processors. These processors already ship with mitigations for the earlier Spectre variants, but the newly discovered bug allows attackers to bypass the IBPB-based part of those defenses.
The research also found that AMD’s Zen 1(+) and Zen 2 processors are exposed to a similar post-barrier attack: on those chips the IBPB-based mitigation used by the Linux kernel can be bypassed, enabling an unprivileged process to leak arbitrary kernel memory. This puts Linux systems running on those processors, including enterprise deployments, at risk, and highlights the ongoing challenge hardware manufacturers face in safeguarding against speculative execution flaws.
Queries to Intel and AMD remain unanswered.
Delayed patches and incomplete fixes
Intel released a microcode patch in March 2024 to fix the issue, but the update has not reached every affected system: the researchers noted that it was not available in some distributions, such as Ubuntu, at the time they conducted their study.
AMD had addressed the issue earlier, in a security advisory published in November 2022. However, the company noted that further action is needed from operating system vendors and hypervisor developers to fully mitigate the risks.
“Intel informed us that their issue, tracked under INTEL-SA-00982, had been found internally and fixed in a microcode update,” the researchers stated in the paper. “This microcode update was, however, not available in Ubuntu repositories at the time of writing this paper. Because AMD’s issue was previously known and tracked under AMD-SB-1040, AMD considers the issue a software bug.”
Wikner and Razavi are currently working with Linux kernel maintainers to merge their proposed software patch, which will help further secure systems running affected AMD processors.
For now, enterprises and users running affected Intel and AMD processors are advised to ensure they have the latest microcode, kernel, and hypervisor updates installed. However, this may not be enough to completely mitigate the risks, as new vulnerabilities continue to surface.
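The practical question for an administrator is whether a given Linux host actually has an IBPB-backed Spectre v2 mitigation enabled and which microcode revision the CPU is running, since the kernel can report the barrier as active while the microcode underneath it is still the buggy revision. The script below is an added example, not code from the paper, from the researchers, or from Intel or AMD: it reads the kernel’s sysfs report and /proc/cpuinfo in the formats the Linux kernel uses, and compares the microcode revision against a minimum the caller supplies from the vendor advisory. The sample inputs and the minimum revision 0x100 are constructed placeholders, not real vendor values.

```shell
#!/bin/sh
# Added example: check a Linux host's reported Spectre v2 / IBPB state and microcode.
# Functions take their input as arguments so they can be run on the constructed
# sample text below; on a real host feed them the sysfs file and /proc/cpuinfo.

# Classify one line from /sys/devices/system/cpu/vulnerabilities/spectre_v2.
# Prints one word: not-affected | vulnerable | mitigated-with-ibpb | mitigated-no-ibpb | unknown
classify_spectre_v2() {
    case "$1" in
        "Not affected"*)                                              echo not-affected ;;
        Vulnerable*)                                                  echo vulnerable ;;
        Mitigation:*"IBPB: conditional"*|Mitigation:*"IBPB: always-on"*) echo mitigated-with-ibpb ;;
        Mitigation:*)                                                 echo mitigated-no-ibpb ;;
        *)                                                            echo unknown ;;
    esac
}

# Print the microcode revision of the first CPU listed in a /proc/cpuinfo dump.
microcode_rev() {
    printf '%s\n' "$1" | awk -F': *' '/^microcode/ { print $2; exit }'
}

# Return 0 if the flags line of a /proc/cpuinfo dump advertises ibpb.
cpu_has_ibpb() {
    printf '%s\n' "$1" | awk '/^flags/ { for (i = 1; i <= NF; i++) if ($i == "ibpb") found = 1 }
                              END { exit found ? 0 : 1 }'
}

# Return 0 if running revision $1 is at least the minimum $2. The minimum is an
# input on purpose: the fixed revision depends on the exact CPU model, so take it
# from the vendor advisory (INTEL-SA-00982 for the Intel bug) rather than hard-coding it.
microcode_at_least() {
    [ -n "$1" ] && [ -n "$2" ] || return 1
    [ $(( $1 )) -ge $(( $2 )) ]
}

# Combine the checks: prints a short report and returns 0 only when the kernel
# reports an IBPB-backed mitigation (or "Not affected"), the CPU exposes ibpb,
# and the microcode meets the caller-supplied minimum.
check_host() {
    spectre_v2=$1 cpuinfo=$2 min_ucode=$3 ok=0
    status=$(classify_spectre_v2 "$spectre_v2")
    rev=$(microcode_rev "$cpuinfo")
    echo "spectre_v2 : $status"
    [ "$status" = mitigated-with-ibpb ] || [ "$status" = not-affected ] || ok=1
    if cpu_has_ibpb "$cpuinfo"; then echo "ibpb flag  : present"; else echo "ibpb flag  : missing"; ok=1; fi
    if microcode_at_least "$rev" "$min_ucode"; then
        echo "microcode  : $rev (>= $min_ucode)"
    else
        echo "microcode  : ${rev:-unknown} (older than $min_ucode)"; ok=1
    fi
    return $ok
}

# Constructed sample input (placeholder values, not a real vendor revision).
SAMPLE_SPECTRE_V2='Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling; PBRSB-eIBRS: SW sequence; BHI: BHI_DIS_S'
SAMPLE_CPUINFO='vendor_id	: GenuineIntel
model name	: constructed sample CPU
microcode	: 0x123
flags		: fpu vme de pse ibpb ibrs stibp ssbd'

# On a real host use the live files instead:
#   SPECTRE_V2=$(cat /sys/devices/system/cpu/vulnerabilities/spectre_v2)
#   CPUINFO=$(cat /proc/cpuinfo)
check_host "$SAMPLE_SPECTRE_V2" "$SAMPLE_CPUINFO" 0x100
```

The sysfs line only says which mitigation the kernel believes it has enabled; the point of the paper is that IBPB was in place and still leaked, so the decisive check is the microcode revision against the vendor advisory, and on AMD Zen 1(+)/Zen 2 the kernel-side fix the researchers are upstreaming as well.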