Spectre V2 hits Intel and ARM CPUs once again, affecting newer Intel and Arm cores
BHI is a proof-of-concept attack affecting CPUs vulnerable to Spectre V2 exploits. The interesting part of this particular attack is that several mitigations were already in place on the affected CPUs. BHI bypasses the Intel Enhanced Indirect Branch Restricted Speculation (EIBRS) and the Arm ID_PFR0_EL1 CSV2 assignment. VUSec reports that BHI enables cross-privilege Spectre-v2 exploits, allowing kernel-to-kernel (intra-mode BTI) exploits and permitting attackers to place predictor entries into the global branch prediction history to make the kernel leak data. The attack leaks arbitrary kernel memory on specific CPUs and could reveal hidden data such as passwords.
Intel reports that the company’s processors starting with Haswell (introduced in 2013) and extending to the recent Ice Lake-SP and Alder Lake CPUs are affected. Intel will release a security patch to mitigate the exploit. Arm cores, such as the company’s Cortex A15, A57, A72, Neoverse V1, N1, and N2, are reported to be affected. The company will also introduce five mitigations for its affected core series. It is currently unknown whether custom series, such as the cores from Qualcomm using Arm’s technology, are affected by the new exploit. Linux systems have received mitigations for Spectre-BHB / BHI on Intel and Arm-based systems. Security measures were also added for AMD systems that could potentially be affected. Client and server machines should not be affected as long as they have the patches from the two companies installed. The impact the mitigations will have on performance on affected devices is unknown. Security researchers advise disabling unprivileged eBPF support as an added precaution against the attack.

Sources: VUSec, ARM, Intel, Phoronix — Intel statement to website Phoronix
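To check the Linux mitigation state and the eBPF advice above on a host, the following added example (not code from the article or its sources) combines the kernel's `spectre_v2` status file with the `kernel.unprivileged_bpf_disabled` sysctl. The function names, the verdict strings and the sample inputs are constructed for illustration, and the "unprivileged eBPF" wording it matches in the status line is an assumption about how patched kernels report it.

```shell
#!/bin/sh
# Added example (not from the article): classify Spectre-BHB/BHI exposure on Linux.
# Inputs: the text of /sys/devices/system/cpu/vulnerabilities/spectre_v2 and the
# value of /proc/sys/kernel/unprivileged_bpf_disabled.

bpf_state() {  # sysctl value: 0 enabled, 1 disabled until reboot, 2 disabled (admin may change)
  case "$1" in
    0) echo enabled ;;
    1) echo disabled-locked ;;
    2) echo disabled ;;
    *) echo unknown ;;
  esac
}

assess_bhi() {  # $1 = spectre_v2 status line, $2 = sysctl value
  case "$1" in
    "Not affected"*)
      echo "OK: CPU reported as not affected" ;;
    *[Uu]"nprivileged eBPF"*)  # assumed wording used by patched kernels
      echo "ACTION: kernel flags unprivileged eBPF; set kernel.unprivileged_bpf_disabled=1" ;;
    Vulnerable*)
      echo "ACTION: spectre_v2 unmitigated; install kernel and vendor updates" ;;
    Mitigation*)
      case "$(bpf_state "$2")" in
        enabled) echo "WARN: mitigated, but unprivileged eBPF is still enabled" ;;
        unknown) echo "WARN: mitigated, unprivileged eBPF state unknown" ;;
        *)       echo "OK: mitigated, unprivileged eBPF is $(bpf_state "$2")" ;;
      esac ;;
    *)
      echo "UNKNOWN: no spectre_v2 status available" ;;
  esac
}

# Constructed sample inputs (status|sysctl), not captured from a real machine.
while IFS='|' read -r status bpf; do
  printf '%-45s bpf=%s -> %s\n' "$status" "$bpf" "$(assess_bhi "$status" "$bpf")"
done <<'EOF'
Vulnerable: eIBRS with unprivileged eBPF|0
Mitigation: Enhanced IBRS|0
Mitigation: Enhanced IBRS|2
Not affected|0
EOF

# Live host, when the kernel exposes both files.
v=/sys/devices/system/cpu/vulnerabilities/spectre_v2
b=/proc/sys/kernel/unprivileged_bpf_disabled
if [ -r "$v" ] && [ -r "$b" ]; then
  echo "this host: $(assess_bhi "$(cat "$v")" "$(cat "$b")")"
fi
```

A `Mitigation:` line together with sysctl value 0 is reported as a warning because a kernel that predates the BHI patches can show EIBRS as a mitigation while unprivileged eBPF is still available.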