New Spectre vulnerability affects Intel Alder Lake and ARM processors
The Spectre vulnerability was discovered almost 4 years ago and appeared to affect processors from Intel, AMD and ARM. In the meantime, all of the affected CPU makers have released patches that hindered overall performance to a slight extent, and the latest processor models even have these fixes implemented at a hardware level. Yet Spectre appears to be alive and kicking in a new form called branch history injection (BHI), as recently reported by the VUSec security research group.
This time around, the security issue only affects Intel and ARM processors. The list of affected Intel processors runs from the 2013 Haswell all the way up to Ice Lake-SP and the latest Core gen 12 Alder Lake models. ARM’s list features the Cortex A15, A57 and A72 mobile cores as well as the Neoverse V1, N1 and N2 server-grade processors. Both companies will release fixes as soon as possible, but it remains to be seen whether these patches once again come with slight performance downgrades.
VUSec explains that the exploit is only a proof of concept and is not meant to educate nefarious third parties on the existing vulnerabilities. BHI apparently affects all CPUs already vulnerable to Spectre V2, despite implemented fixes like Intel’s eIBRS and ARM’s CSV2. Essentially, BHI re-enables previously fixed cross-privilege Spectre V2 exploits by allowing kernel-to-kernel attacks. This way, third parties can inject predictor entries into the global branch prediction history and leak kernel memory data that could contain sensitive information like passwords and hash codes.
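Because eIBRS or CSV2 alone does not cover BHI, a host has to be checked for the BHI-specific mitigation separately. The script below is an added example, not code from the article or from VUSec: it assumes a Linux host, the kernel's `spectre_v2` sysfs file and the status strings mainline Linux prints there; `classify_bhi` is a hypothetical helper name and the sample lines are constructed.

```shell
#!/bin/sh
# Classify the BHI part of Linux's Spectre v2 status line.
# Assumption: status strings follow the formats mainline Linux emits
# (x86 "BHI: ..." field, arm64 "CSV2, BHB" / "CSV2, but not BHB").

classify_bhi() {
    case $1 in
        *"BHI: Not affected"*)            echo "not-affected" ;;
        # Also matches "BHI: Vulnerable, KVM: SW loop": only guests are covered.
        *"BHI: Vulnerable"*)              echo "vulnerable" ;;
        *"BHI: "*)                        echo "mitigated" ;;
        # Older x86 kernels flag the unprivileged-eBPF route instead.
        *"eIBRS with unprivileged eBPF"*) echo "vulnerable" ;;
        *"CSV2, but not BHB"*)            echo "vulnerable" ;;
        *"CSV2, BHB"*)                    echo "mitigated" ;;
        # Kernel predates BHI reporting: eIBRS/CSV2 alone proves nothing here.
        *)                                echo "unknown" ;;
    esac
}

SYSFS=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# Constructed sample lines, one per case worth distinguishing.
for sample in \
    "Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling; PBRSB-eIBRS: SW sequence; BHI: BHI_DIS_S" \
    "Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling; PBRSB-eIBRS: SW sequence; BHI: Vulnerable, KVM: SW loop" \
    "Vulnerable: eIBRS with unprivileged eBPF" \
    "Mitigation: Enhanced IBRS, IBPB: conditional, RSB filling" \
    "Mitigation: CSV2, but not BHB" \
    "Mitigation: CSV2, BHB"
do
    printf '%-13s %s\n' "$(classify_bhi "$sample")" "$sample"
done

# Report the live host only when the kernel exposes the file.
if [ -r "$SYSFS" ]; then
    live=$(cat "$SYSFS")
    printf 'this host: %s (%s)\n' "$(classify_bhi "$live")" "$live"
fi
```

An `unknown` result means the running kernel does not report BHI at all, so the kernel version and vendor advisories have to be checked instead.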