CySecurity News – Latest Information Security and Hacking Incidents
Researchers have revealed a new technique that might be used to bypass existing hardware mitigations in modern processors from Intel, AMD, and Arm CPUs and stage speculative execution attacks like Spektre to expose sensitive data from host memory.
Spectre attacks are aimed to disrupt the isolation between different applications by using an optimization technique known as speculative execution in CPU hardware implementations to mislead programmes into accessing arbitrary memory regions and leaking their secrets. While chipmakers have included software and hardware defences such as Retpoline and safeguards such as Enhanced Indirect Branch Restricted Speculation (eIBRS) and Arm CSV2, the latest technique demonstrated by VUSec researchers seek to circumvent all of these measures.
Branch History Injection (BHI or Spectre-BHB) is a new variant of Spectre-V2 attacks (tracked as CVE-2017-5715) that circumvent both eIBRS and CSV2, according to the researchers, and exposes arbitrary kernel memory on modern Intel CPUs.
“The hardware mitigations do prevent the unprivileged attacker from injecting predictor entries for the kernel,” the researchers explained,
“However, the predictor relies on a global history to select the target entries to speculatively execute. And the attacker can poison this history from userland to force the kernel to mispredict to more ‘interesting’ kernel targets (i.e., gadgets) that leak data,” the Systems and
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: