News: 0001475410


"Indirector" Attack Disclosed For Intel Alder Lake & Raptor Lake CPUs

([Linux Security] 3 Hours Ago Indirector Attack)


UC San Diego researchers have gone public with Indirector, a set of high-precision branch target injection attacks on the indirect branch predictor. The UCSD security researchers found that Indirector impacts recent Intel Alder Lake and Raptor Lake processors. Intel, though, believes that no further mitigations are required.

The Indirector attack is summed up as:

"This paper introduces novel high-precision Branch Target Injection (BTI) attacks, leveraging the intricate structures of the Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB) in high-end Intel CPUs (Raptor Lake and Alder Lake).

It presents, for the first time, a comprehensive picture of the IBP and the BTB within the most recent Intel processors, revealing their size, structure, and the precise functions governing index and tag hashing.

Additionally, this study reveals new details into the inner workings of Intel's hardware defenses, such as IBPB, IBRS, and STIBP, including previously unknown holes in their coverage.

Leveraging insights from reverse engineering efforts, this research develops highly precise Branch Target Injection (BTI) attacks to breach security boundaries across diverse scenarios, including cross-process and cross-privilege scenarios and uses the IBP and the BTB to break Address Space Layout Randomization (ASLR)."

The Indirector website is [1]indirector.cpusec.org.

The UCSD researchers suggest mitigating Indirector by using IBPB (Indirect Branch Predictor Barrier) more aggressively and by better securing the BPU design. Greater IBPB use would come at a significant performance cost. Intel, for its part, believes that no further mitigations are required beyond what is already in place for Spectre-style attacks. There is also [2]this GitHub repository with more artifacts around Indirector.
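To see how aggressively a given Linux host already uses IBPB, the kernel's Spectre v2 status line can be parsed. This is an added example, not code from the article or the researchers; it assumes a Linux kernel exposing the `spectre_v2` sysfs file, and the sample lines are constructed in the kernel's format.

```python
import re
from pathlib import Path

# Linux reports Spectre v2 (branch target injection) mitigation state here.
SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/spectre_v2")

# Constructed sample lines in the kernel's format, not captured from a real host.
SAMPLES = {
    "conditional": "Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; "
                   "RSB filling; PBRSB-eIBRS: SW sequence",
    "always-on": "Mitigation: Enhanced / Automatic IBRS; IBPB: always-on; "
                 "RSB filling; PBRSB-eIBRS: SW sequence",
    "old-format": "Mitigation: Full generic retpoline, IBPB: disabled, STIBP: disabled",
}

NOTES = {
    "always-on": "IBPB is used on all tasks (the aggressive, costly setting).",
    "conditional": "IBPB is used only for tasks restricted via prctl or seccomp.",
    "disabled": "IBPB is not used between user tasks.",
    "unmitigated": "No Spectre v2 mitigation is reported.",
    "not-affected": "The kernel reports this CPU as not affected.",
}

def parse_status(line):
    """Return (headline, settings dict, bare flags) from one spectre_v2 line."""
    # Newer kernels separate fields with ';', older ones with ','.
    parts = [p.strip() for p in re.split(r"[;,]", line) if p.strip()]
    if not parts:
        return "", {}, []
    headline, settings, flags = parts[0], {}, []
    for part in parts[1:]:
        key, sep, value = part.partition(":")
        if sep:
            settings[key.strip()] = value.strip()
        else:
            flags.append(part)
    return headline, settings, flags

def ibpb_mode(line):
    """Classify IBPB use as one of the keys of NOTES."""
    headline, settings, _ = parse_status(line)
    if headline.startswith("Not affected"):
        return "not-affected"
    if not headline.startswith("Mitigation"):
        return "unmitigated"
    mode = settings.get("IBPB", "disabled")
    return mode if mode in ("always-on", "conditional") else "disabled"

if __name__ == "__main__":
    line = SYSFS.read_text().strip() if SYSFS.exists() else SAMPLES["conditional"]
    print(line, NOTES[ibpb_mode(line)], sep="\n")
```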



[1] https://indirector.cpusec.org/

[2] https://github.com/owenlly/Indirector_Artifact


