April 10, 2024 at 04:32PM
VU Amsterdam academics discovered that Intel CPU cores are still vulnerable to Spectre attacks, despite mitigations. They created InSpectre Gadget, a tool that can find code snippets (gadgets) able to bypass protections, even on chips with Spectre defenses. The tool helped develop the Native Branch History Injection (Native BHI) exploit, which allows access to sensitive data. AMD and Arm cores are not susceptible. Intel is releasing updated guidance for mitigations.
Based on the meeting notes, it appears that Intel CPU cores remain vulnerable to Spectre data-leaking attacks despite previous mitigations, as demonstrated by the VU Amsterdam team. They have developed a tool called InSpectre Gadget to find code snippets that can be exploited to obtain sensitive data from kernel memory, even on chips with Spectre protections in place. The team has open-sourced the tool and a database of gadgets found for Linux kernel 6.6-rc4 on GitHub.
The researchers have identified a new exploit named Native BHI, which can bypass existing defense mechanisms and has prompted updated guidance and patches from Intel to block exploitation. It’s noted that AMD and Arm cores are not vulnerable to Native BHI.
The development builds on earlier work exploiting the Spectre variant BHI, and a technical paper describing Native BHI is scheduled to be presented at the USENIX Security Symposium.
The meeting notes highlight the persistent challenges in securing CPU cores against Spectre attacks and the need for ongoing efforts to address these vulnerabilities. If there are any specific actions or follow-up items from this information, please let me know so I can assist further.