July 2, 2024 at 07:07AM
Modern Intel CPUs like Raptor Lake and Alder Lake are vulnerable to a new side-channel attack named “Indirector.” The attack exploits weaknesses in the Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB) to leak sensitive information. Mitigations include using the Indirect Branch Predictor Barrier (IBPB) more aggressively and hardening the Branch Prediction Unit (BPU) design. Arm CPUs are also susceptible to a speculative execution attack called TIKTAG, which targets the Memory Tagging Extension (MTE) with a 95% success rate. Arm recommends MTE as a limited defense against specific exploits.
“Indirector” is a new side-channel attack that affects modern Intel CPUs, including Raptor Lake and Alder Lake. It leverages vulnerabilities in the Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB) to compromise CPU security by leaking sensitive information. Researchers have developed a tool called iBranch Locator to perform targeted IBP and BTB injections to carry out speculative execution.
Intel has been informed of the findings and has recommended using the Indirect Branch Predictor Barrier (IBPB) more aggressively and incorporating more complex tags, encryption, and randomization in the Branch Prediction Unit (BPU) design as mitigations.
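To check how aggressively a given host applies IBPB today, the following added example (not from the researchers or Intel) parses the Spectre v2 status line that Linux exposes in sysfs and classifies the IBPB policy. It assumes a Linux host; the sample lines are constructed, and the function names and the `ok`/`review`/`fail` levels are illustrative.

```python
import re
from pathlib import Path

# Linux reports the active Spectre v2 mitigations, including IBPB, in this file.
SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/spectre_v2")

# Constructed sample lines in the kernel's reporting format (not captured from real hosts).
SAMPLES = {
    "conditional": "Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; "
                   "RSB filling; PBRSB-eIBRS: SW sequence",
    "always-on": "Mitigation: Retpolines, IBPB: always-on, IBRS_FW, STIBP: forced, RSB filling",
    "disabled": "Mitigation: Retpolines; IBPB: disabled; STIBP: disabled",
    "absent": "Vulnerable",
}

def parse_fields(line):
    """Split the status line into {key: value}; older kernels separate with ',', newer with ';'."""
    fields = {}
    for part in re.split(r"[;,]", line.strip()):
        key, sep, value = part.strip().partition(":")
        fields[key.strip()] = value.strip() if sep else ""
    return fields

def ibpb_policy(line):
    """Return 'always-on', 'conditional', 'disabled', or None when IBPB is not reported."""
    return parse_fields(line).get("IBPB")

def audit(line):
    """Map the reported IBPB policy to an illustrative audit level."""
    policy = ibpb_policy(line)
    if policy == "always-on":
        return "ok"      # barrier issued on every switch between user processes
    if policy == "conditional":
        return "review"  # barrier only around tasks that opted in (prctl/seccomp)
    return "fail"        # IBPB disabled or not reported at all

if __name__ == "__main__":
    if SYSFS.exists():
        line = SYSFS.read_text()
        print(f"host: IBPB={ibpb_policy(line)} -> {audit(line)}")
    else:
        for name, line in SAMPLES.items():
            print(f"{name}: IBPB={ibpb_policy(line)} -> {audit(line)}")
```

On Linux the policy is selected with the `spectre_v2_user=` boot parameter; a `review` result means the barrier protects only processes that opted in.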
In addition, Arm CPUs have been found susceptible to a speculative execution attack called TIKTAG, which targets the Memory Tagging Extension (MTE) to leak data. Arm has noted that MTE can provide limited deterministic and probabilistic defenses against specific classes of exploits but may not be a full solution against interactive adversaries.
It’s important for affected hardware/software vendors to be aware of these vulnerabilities and take appropriate actions to mitigate potential risks.