:strip_exif()/i/2004648158.jpeg?fit=%2C&ssl=1)
Security researchers from the Free University in Amsterdam have discovered a new Specter vulnerability. That vulnerability affects many modern Intel processors and certain Arm CPUs. Both companies are coming with security updates that should fix the problem.
The security researchers call the attack Branch History Injection, aka BHI or Specter-BHB. It is a new variant of the existing Specter-V2 vulnerability. The researchers have a proof of concept exploit made that allow them to intercept the kernel memory of modern Intel CPUs. In a video, for example, the researchers know a root entry to be leaked on a system with an Intel Core i7-10700K. Certain Arm CPUs are also affected, although the vulnerability does not appear to impact AMD processors. writes Phoronix.
BHI can bypass hardware mitigations for Specter-V2, such as eIBRS and CSV2. The new vulnerability allows hackers to predictor entries inject into the global branch prediction history and thereby leak kernel data.
Intel has published a complete list with processors vulnerable to Specter-BHB. It shows that all chips that the company has released since 2013 are vulnerable; the list starts with the Haswell generation and also includes the recent Alder Lake consumer CPUs and Ice Lake server processors. Intel releases security updates and mitigations for the vulnerability. For example, these have already been implemented in Linux kernel version 5.16 and retroactively added to older kernel versions.
Several Arm cores are also vulnerable, including Cortex A15, A57, A78, X1, and X2 cores, which are used in smartphones, for example. Neoverse N2, Neoverse N1, and V1 cores for servers and HPC purposes are also vulnerable. Arm also comes with updates that should mitigate the problems. AMD chips don’t seem to be affected. The Intel vulnerabilities are being tracked on CVE-2022-0001 on CVE-2022-0002† Arm used CVE-2022-23960.
–
