Categories
Brand

New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors

الثلاثاء، 29 أكتوبر 2024

While the execution results of transient instructions are not committed to the architectural program state, it's still possible for them to load certain sensitive data into a processor cache through a forced misprediction, thereby exposing it to a malicious adversary that would otherwise be blocked from accessing it.

Intel describes IBPB as an "indirect branch control mechanism that establishes a barrier, preventing software that executed before the barrier from controlling the predicted targets of indirect branches executed after the barrier on the same logical processor."

It's used as a way to help counter Branch Target Injection (BTI), aka Spectre v2 (CVE-2017-5715), a cross-domain transient execution attack (TEA) that takes advantage of indirect branch predictors used by processors to cause a disclosure gadget to be speculatively executed.

A disclosure gadget refers to the ability of an attacker to access a victim's secret that's otherwise not architecturally visible, and exfiltrate it over a covert channel.

The latest findings from ETH Zürich show that a microcode bug in Intel microarchitectures such as Golden Cove and Raptor Cove could be used to circumvent IBPB. The attack has been described as the first, practical "end-to-end cross-process Spectre leak."

Leave your comment
*
*