It seems as Spectre still haunts Intel and AMD processors after cybersecurity researchers found new working speculative execution attacks.
To improve their performance, modern processors try to “guess” what tasks to do next. Speculative execution attacks abuse this mechanism to trick the computer into leaking private information, like passwords or other sensitive data, while it’s working ahead of time on the wrong guesses.
The most popular attack was called Spectre – first observed in early 2018, together with a sister vulnerability called Meltdown. At the time, it was said that most computers were vulnerable to Spectre and Meltdown, and the subsequent rush to fix the flaws made an even bigger mess, with some computers completely bricked as a result.
8BASE and Everest
Now, cybersecurity researchers Johannes Wikner and Kaveh Razavi from ETH Zurich claim that years after Spectre, there are multiple similar attacks that can work around existing defenses.
Among them are two methods that work on Linux, and affect a wide range of Intel processors (Intel’s 12th, 13th, and 14th chip generations for consumers, and 5th and 6th generation of Xeon processors for servers), and many AMD chips (Zen 1, Zen 1+, Zen 2).
The attacks undermine the Indirect Branch Predictor Barrier (IBPB) on x86 processors, it was explained. IBP is pivotal in defending against speculative execution attacks.
In the meantime, the researchers notified both Intel and AMD of their findings, and both companies have acknowledged the existence of the vulnerabilities. In fact, both said they already discovered them and are working on a fix. Intel is tracking it as CVE-2023-38575, and AMD is tracking it as CVE-2022-23824. Intel fixed it with a firmware update released in March, but according to BleepingComputer, the fix has not yet reached all operating systems.
Via BleepingComputer