Summary:
- Persistent Spectre Vulnerabilities
  Six years after the discovery of Spectre vulnerabilities, researchers from ETH Zurich have identified a new cross-process attack that exposes weaknesses in Intel and AMD processors.
- Details of the Attack
  The researchers revealed that their method derandomizes Address Space Layout Randomization (ASLR) and can leak sensitive information, including the hash of the root password, from Intel processors.
- Ineffective Defense Measures
  The Indirect Branch Predictor Barrier (IBPB), designed to protect against Spectre v2 attacks, has been improperly implemented, allowing attackers to bypass security protocols between process contexts and virtual machines.
- Affected Hardware
  The vulnerabilities impact recent Intel microarchitectures, such as Golden Cove and Raptor Cove, as well as AMD processors built on the Zen 2 architecture, particularly for Linux users.
- Microcode Updates and Recommendations
  Intel released a microcode patch (INTEL-SA-00982) in March 2024, but not all affected hardware may have received it. AMD has acknowledged the issue as a software bug and is working with Linux kernel maintainers to develop a fix.
Read more at: The Register