In short: Hardware vulnerabilities like Spectre, Meltdown, and Downfall have been plaguing Intel processors for years. A recently discovered variant of Spectre poses a similar threat, but Intel and the researchers behind the discovery believe that strengthening current security measures should help guard against this issue.
Newly published research has revealed a security flaw affecting Intel’s 12th, 13th, and 14th generation processors. Similar to Spectre, Meltdown, and Downfall, this flaw could lead to the leak of sensitive information.
Researchers at the University of California, San Diego, discovered the attack, dubbed “Indirector.” It targets the Indirect Branch Indicator (IBI), a critical component of modern Intel processors. As a Spectre V2 attack, it uses branch target injection, which can change where processors send important information.
In addition, the study reveals previously undisclosed information about the operation of the indirect branch predictor, the branch target buffer, and Intel security measures such as IBPB, IBRS, and STIBP. Reverse engineering revealed new vulnerabilities in these processes.
Using a specialized tool, an attacker could insert a multi-target direction path into the IBP, potentially exposing sensitive data. Another method could eject the target user from the IBP and commit a BTB injection attack with a similar outcome.
A more aggressive implementation of IBPB could protect against the flaw, but could result in significant performance hits. The researchers also suggest that Intel strengthen its security in other areas in future designs.
Intel told Tom’s Hardware that its existing countermeasures, such as IBRS, eIBRS, and BHI, are effective against Indirector, and that it will not release additional mitigations. Intel’s website offers detailed explanations of these systems. The researchers plan to reveal more information at the USENIX Security Symposium in August.
With the discovery of Indirector, all modern Intel processors are now vulnerable to at least one known exploit. Spectre has impacted Blue Team processors for over a decade, while Downfall affects mainstream processors from 6th to 11th generation. Meanwhile, Meltdown affects Intel, AMD, and Arm systems.
The researchers tested Indirector on Alder Lake and Raptor Lake processors, potentially exacerbating the issues they were experiencing. For weeks, users running CPU-intensive processes like games and productivity software have been experiencing crashes on Intel’s high-end 13th and 14th generation chips, and the company has yet to find a permanent fix. In the meantime, Intel has asked affected users to undervolt their processors.
It is not yet known whether Chipzilla will be able to avoid these or similar issues with future generations like Arrow Lake and Panther Lake.
News Source : www.techspot.com
Gn tech
