October 18, 2024 at 10:49AM
Recent research reveals new speculative execution vulnerabilities in Intel’s 12th-14th gen processors and AMD’s Zen 1-2 chips, bypassing existing Spectre mitigations. Attacks exploit flaws in the Indirect Branch Predictor Barrier, allowing sensitive data leaks. Intel and AMD are aware and addressing these issues, with ongoing patch development for Linux.
### Meeting Notes Summary:
**Key Vulnerabilities:**
– Recent Intel (12th, 13th, 14th generations, Xeon 5th and 6th generations) and older AMD processors (Zen 1, Zen 1+, Zen 2) are susceptible to new speculative execution attacks, which bypass existing Spectre mitigations.
– These attacks exploit weaknesses in the Indirect Branch Predictor Barrier (IBPB), a defense mechanism against such vulnerabilities.
**Types of Attacks:**
1. **Cross-Process Attack (Intel)**:
– Involves manipulating speculative execution of return instructions, exploiting a flaw where IBPB does not invalidate return predictions after a context switch. This can leak sensitive information such as root password hashes.
2. **PB-Inception Attack (AMD)**:
– Involves improper application of IBPB-on-entry in Linux, allowing an attacker to hijack return predictions before IBPB is triggered, leading to leakage of privileged kernel memory.
**Responses from Intel and AMD:**
– **Intel**: Acknowledged the vulnerability (CVE-2023-38575) and has released a microcode fix as of March 2024, but the fix has not yet reached all operating systems (notably Ubuntu).
– **AMD**: Confirmed the issue (CVE-2022-23824) but classified it as a software bug, not hardware-related. AMD acknowledged that Zen 3 processors are also affected, contrary to ETH Zurich’s findings. No corrective microcode has been issued due to the nature of the vulnerability and prior awareness.
**Next Steps:**
– The ETH Zurich research team is collaborating with Linux kernel maintainers to create a patch for AMD processors, which will be made available once developed.
**Action Items:**
– Monitor updates from Intel and AMD regarding mitigations and patches.
– Follow the ETH Zurich team’s progress on the patch for AMD processors.
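
A host-side check for the IBPB dependence and microcode status discussed above, added here as an example (it is not from the original summary, the researchers, or either vendor). It assumes a Linux host exposing `/sys/devices/system/cpu/vulnerabilities`; the function names and the sample status strings are constructed for illustration, and the output says only whether a mitigation relies on IBPB, not whether the host is patched.

```shell
#!/bin/sh
# Added example: show which Linux speculative-execution mitigations on this
# host depend on IBPB, plus the loaded microcode revision.
VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# classify_ibpb STATUS -> not-affected | vulnerable | ibpb | no-ibpb
classify_ibpb() {
    case "$1" in
        "Not affected"*)    echo "not-affected" ;;
        Vulnerable*)        echo "vulnerable" ;;
        *"IBPB: disabled"*) echo "no-ibpb" ;;
        *IBPB*)             echo "ibpb" ;;
        *)                  echo "no-ibpb" ;;
    esac
}

# report_ibpb [DIR] -> one "file<TAB>class<TAB>status" line per status file
report_ibpb() {
    dir=${1:-$VULN_DIR}
    for f in spectre_v2 retbleed spec_rstack_overflow; do
        [ -r "$dir/$f" ] || continue
        status=$(cat "$dir/$f")
        printf '%s\t%s\t%s\n' "$f" "$(classify_ibpb "$status")" "$status"
    done
}

# microcode_rev [CPUINFO] -> revision reported for the first CPU
microcode_rev() {
    awk -F': ' '/^microcode/ { print $2; exit }' "${1:-/proc/cpuinfo}"
}

# Constructed sample directory so the script also runs on non-Linux hosts.
demo=$(mktemp -d)
printf 'Mitigation: Retpolines; IBPB: conditional; STIBP: disabled\n' > "$demo/spectre_v2"
printf 'Mitigation: IBPB\n' > "$demo/retbleed"
printf 'processor\t: 0\nmicrocode\t: 0x123\n' > "$demo/cpuinfo"
echo "== constructed sample =="
report_ibpb "$demo"
echo "microcode: $(microcode_rev "$demo/cpuinfo")"
rm -rf "$demo"

# Real host values, when the kernel exposes them.
if [ -d "$VULN_DIR" ]; then
    echo "== this host =="
    report_ibpb
    if [ -r /proc/cpuinfo ]; then echo "microcode: $(microcode_rev /proc/cpuinfo)"; fi
fi
```

Compare the reported microcode revision against the vendor's advisory for the CVEs listed above; this script does not encode any fixed revision numbers.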