AMD & Intel CPUs Vulnerable to New Spectre-like Attacks
More than six years have passed since the discovery of the legendary Spectre vulnerability, yet the latest AMD and Intel processors remain susceptible to speculative execution attacks.
This conclusion was reached by researchers from ETH Zürich—Johannes Wickner and Kaveh Razavi—in their recent paper titled “Breaking the Barrier: Post-Barrier Spectre Attacks.” They found that the Indirect Branch Predictor Barrier (IBPB), a defense mechanism implemented in x86 processors, does not offer complete protection against data leakage.
Speculative execution is used to accelerate processors by predicting the program’s execution path. However, if the prediction is incorrect, the instructions are discarded, though they still manage to load sensitive data into the cache, thus exposing it to potential attackers.
Intel explains that IBPB acts as a barrier, preventing branch predictions from being exploited after specific instructions. However, ETH Zürich’s study demonstrated that microcode in Intel architectures, such as Golden Cove and Raptor Cove, contains a vulnerability that allows this barrier to be bypassed. The researchers have dubbed this exploit the first “transcending inter-process Spectre leakage.”
A similar vulnerability has also been found in AMD Zen 1(+) and Zen 2 processors. Due to the peculiarities of IBPB implementation in the Linux kernel, unauthorized users may gain access to privileged memory by employing an attack code-named Post-Barrier Inception (PB-Inception).
Intel has already released a patch to address this vulnerability (CVE-2023-38575). AMD, tracking the issue as CVE-2022-23824, advises users to install kernel updates to protect their systems.
In March of this year, the same ETH Zürich researchers introduced new attack techniques based on the RowHammer method—ZenHammer and SpyHammer. The latter exploits temperature effects on RAM to detect system activity, allowing attackers to track room temperature variations and potentially gather information about the victim’s daily routines.
Experts are calling for the development of more robust defenses against RowHammer and similar attacks, as advancing technology only heightens their danger.
