April 10, 2024 at 10:25AM
The VUSec cybersecurity group at VU Amsterdam University revealed a new form of the Spectre v2 attack targeting Intel processors. Named Branch History Injection (BHI), it bypasses hardware mitigations and can leak kernel memory on the latest Intel CPUs. Intel updated its guidance on mitigations and plans to address BHI in future processors.
Summary:
The VUSec cybersecurity group at VU Amsterdam University has revealed a new variation of the Spectre v2 attack targeting Intel processors. The variation, named Branch History Injection (BHI), extends the original Spectre v2 attack and allows unauthorized access to sensitive information in the kernel. The VUSec researchers have also developed a tool called InSpectre Gadget to identify Linux kernel gadgets that can be exploited. They demonstrated a native BHI attack capable of leaking kernel memory on 13th Gen Intel Core processors. Intel has updated its guidance for BHI mitigation methods and plans to address BHI attacks in future processors.