Researchers have demonstrated yet another variant of the Spectre attack that bypasses previous hardware mitigations. Although the findings are still being assessed, the research describes it as a variant of Spectre-BTI (Branch Target Injection), which was discovered in 2017.

About the new Spectre-BHI attack

  • Dubbed Spectre-BHI (Branch History Injection), the new speculative execution attack was first demonstrated by VUSec researchers in collaboration with Intel.
  • According to the researchers, it is an extension of Spectre v2 that circumvents the hardware mitigations previously deployed by Intel and Arm. Exploiting the flaws can leak sensitive information from the privileged kernel memory space.
  • While Intel has designated the flaws as CVE-2022-0001 and CVE-2022-0002, ARM tracks both flaws as CVE-2022-23960.
  • The flaws are triggered by abusing the CPU’s branch history, which then allows an attacker to read restricted memory.

Which systems are affected by Spectre-BHI?

  • Researchers state that any Intel or ARM CPU that was affected by Spectre v2 is likely to be affected by BHI as well.
  • Intel says that almost all of its CPUs, except those in the Atom family, are affected by the flaws.
  • ARM has also released an advisory that lists several versions of Cortex and Neoverse processors among the vulnerable processors.

Mitigation measures taken

According to Intel, the flaws can be addressed by making adjustments to the Linux kernel. Administrators can update their systems to kernel release 5.16 to receive new controls that lock down the protected memory. Meanwhile, ARM plans to add a ClearBHB instruction that clears the CPU branch history buffer in order to mitigate Spectre-BHB.
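As an added example (not part of the article, nor code from Intel, ARM or VUSec), the read-only check an administrator can run on a Linux host to see what the kernel itself reports for Spectre v2 and to compare the running kernel against the 5.16 release mentioned above. It assumes the kernel's sysfs vulnerabilities interface and standard `cut`/`uname`; the "BHI:" sub-field is only reported by newer kernels, and the sample status line is constructed.

```shell
#!/bin/sh
# Added example (not from the article): read-only check of the Spectre v2 /
# BHI status the Linux kernel reports, plus a kernel-version comparison
# against the 5.16 release the article mentions.
VULN_FILE=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# Classify the spectre_v2 sysfs line as not-affected, mitigated,
# vulnerable or unknown (the three prefixes are the kernel's own).
classify_spectre_v2() {
    case "$1" in
        "Not affected"*) echo not-affected ;;
        Mitigation:*)    echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Extract the "BHI: ..." sub-field that newer kernels append to that line;
# prints "absent" when the kernel does not report one (older kernels).
bhi_field() {
    case "$1" in
        *"BHI: "*) printf '%s\n' "${1##*BHI: }" | cut -d';' -f1 ;;
        *)         echo absent ;;
    esac
}

# Return 0 when dotted version $1 is at least $2 (major.minor compared).
version_at_least() {
    a1=$(printf '%s\n' "$1" | cut -d. -f1); a2=$(printf '%s\n' "$1" | cut -s -d. -f2)
    b1=$(printf '%s\n' "$2" | cut -d. -f1); b2=$(printf '%s\n' "$2" | cut -s -d. -f2)
    [ "$a1" -gt "$b1" ] || { [ "$a1" -eq "$b1" ] && [ "${a2:-0}" -ge "${b2:-0}" ]; }
}

# Report on this host; falls back to a constructed sample line when the
# sysfs file is missing (non-Linux host or restricted sandbox).
report_host() {
    if [ -r "$VULN_FILE" ]; then
        line=$(cat "$VULN_FILE")
    else
        line='Mitigation: Retpolines; IBPB: conditional; RSB filling; BHI: SW loop'  # constructed sample
    fi
    echo "spectre_v2: $(classify_spectre_v2 "$line")  BHI: $(bhi_field "$line")"
    kver=$(uname -r | cut -d- -f1)
    if version_at_least "$kver" 5.16; then
        echo "kernel $kver: at or above 5.16"
    else
        echo "kernel $kver: below 5.16, update to receive the newer controls"
    fi
}

report_host
```

Run it on each host in an inventory; a "vulnerable" classification or an "absent" BHI field on a kernel that should report one is the signal to schedule the kernel update.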

Cyware Publisher
