Intel and AMD Face Renewed Threat From Spectre Exploits
Threat Group: N/A (Multiple Research Teams)
Threat Type: Speculative Execution Vulnerability Bypass
Exploited Vulnerabilities: CVE-2023-38575 (Intel), CVE-2022-23824 (AMD)
Malware Used: N/A (Exploit technique)
Threat Score: High (8.5/10) — Due to its ability to bypass significant speculative execution mitigations in widely used CPUs.
Last Threat Observation: October 18, 2024
Overview
A newly discovered Spectre bypass technique affects both Intel and AMD processors, particularly those running Linux. It targets speculative execution, exploiting flaws in return target predictions and bypassing the protections provided by Indirect Branch Predictor Barrier (IBPB). This vulnerability allows attackers to leak sensitive information like password hashes from kernel memory.
Key Details
- Delivery Method: Requires local access for code execution.
- Target: Intel’s 12th-14th Gen processors, Xeon 5th and 6th Gen processors, and AMD’s Zen 1, 1+, 2 microarchitectures.
- Functions:
  - Bypasses IBPB protections.
  - Exploits speculative execution to leak sensitive data.
  - Cross-process attack against Intel CPUs.
  - PB-inception attack on AMD CPUs.
  - Leaks sensitive kernel memory, such as root password hashes.
Obfuscation
The exploit relies on speculative-execution prediction state that persists across context switches, which lets an attacker infer privileged information from kernel memory.
Attack Vectors
On Intel systems, the attack manipulates return predictions after IBPB has been applied, so the barrier does not stop the leak. On AMD systems, an improper IBPB implementation leaves return predictors vulnerable, again allowing privileged data to be leaked from kernel memory.
Known Indicators of Compromise (IoCs)
Because this is an exploitation technique rather than malware, there are no file hashes or domains to match. Detection depends on host-level monitoring for abnormal speculative execution behavior and unusual memory access patterns that could indicate exploitation attempts.
Mitigation and Prevention
- Firmware Updates: Ensure the latest Intel and AMD microcode updates are applied to address vulnerabilities.
- Kernel Patches: Apply Linux kernel updates, especially the IBPB-on-entry fixes for AMD processors, to mitigate the speculative execution flaws.
- Monitoring and Logging: Watch for abnormal speculative execution behavior, which could indicate exploitation attempts.
- System Isolation: Segregate critical workloads to minimize the risk of cross-process speculative execution attacks.
- User Awareness: Administrators should be aware of the risks posed by these speculative execution vulnerabilities and stay informed about the latest developments.
Note: Mitigating these vulnerabilities largely depends on the actions of hardware and OS vendors. It's crucial for Intel, AMD, and Linux to release appropriate firmware and operating system updates. Administrators should apply these updates as soon as they are available to ensure full protection against these speculative execution attacks.
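To confirm on a Linux host that IBPB is actually in use after applying the kernel and microcode updates above, the following script (an added example written for this advisory, not code from any of the cited sources) reads the kernel's own Spectre v2 status line from sysfs and the microcode revision from /proc/cpuinfo. The sysfs path and the "IBPB: conditional / always-on / disabled" wording are the Linux kernel's; the verdict labels are this script's own.

```shell
#!/bin/sh
# Added example: summarise Linux Spectre v2 mitigation status and microcode
# revision so an administrator can verify IBPB is active after patching.

SYSFS_SPECTRE_V2=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# classify_spectre_v2 STATUS_LINE
# Maps the kernel's status line to one verdict: not-affected, vulnerable,
# ibpb-conditional, ibpb-always-on, ibpb-disabled, ibpb-absent or unknown.
classify_spectre_v2() {
    case "$1" in
        "Not affected"*)        echo not-affected ;;
        Vulnerable*)            echo vulnerable ;;
        *"IBPB: conditional"*)  echo ibpb-conditional ;;
        *"IBPB: always-on"*)    echo ibpb-always-on ;;
        *"IBPB: disabled"*)     echo ibpb-disabled ;;
        Mitigation:*)           echo ibpb-absent ;;
        *)                      echo unknown ;;
    esac
}

# microcode_revision CPUINFO_TEXT
# Extracts the hex microcode revision from /proc/cpuinfo-style text.
microcode_revision() {
    printf '%s\n' "$1" | awk -F': ' '/^microcode/ { print $2; exit }'
}

# report: print status, verdict and microcode, and flag when IBPB is missing.
report() {
    status=$(cat "$SYSFS_SPECTRE_V2")
    verdict=$(classify_spectre_v2 "$status")
    echo "spectre_v2 : $status"
    echo "verdict    : $verdict"
    if [ -r /proc/cpuinfo ]; then
        echo "microcode  : $(microcode_revision "$(cat /proc/cpuinfo)")"
    fi
    case "$verdict" in
        vulnerable|ibpb-disabled|ibpb-absent)
            echo "ACTION: IBPB not active; apply the kernel and microcode updates." ;;
        *)  echo "IBPB reported; check kernel version and microcode against the advisory." ;;
    esac
}

# Only run the live report where the sysfs file exists (x86 Linux).
if [ -r "$SYSFS_SPECTRE_V2" ]; then
    report
fi
```

The status line proves IBPB is enabled, not that the specific IBPB-on-entry fix is in the running kernel; compare the kernel build and microcode revision with the distribution's advisory for the two CVEs.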
Conclusion
Despite years of mitigations, speculative execution remains a significant vulnerability. This newly discovered Spectre bypass requires prompt action, including firmware and kernel updates, to mitigate the risk of sensitive data leakage.
Sources:
- BleepingComputer: Intel, AMD CPUs on Linux impacted by newly disclosed Spectre bypass
- SecurityWeek: Researchers Resurrect Spectre v2 Attack Against Intel CPUs
- The Register: Tool finds new ways to exploit Spectre holes in Intel CPUs
- AMD: IBPB and Return Stack Buffer Interactions
- Intel: 2024.1 IPU - Intel® Processor Return Predictions Advisory
- Ubuntu: CVE-2023-38575 (Intel), CVE-2022-23824 (AMD)