A team of researchers at the University of California, San Diego have identified a new side-channel vulnerability in Intel processors which could potentially lead to the leakage of sensitive data. This vulnerability, present in the Indirect Branch Predictor (IPB) and Branch Target Buffer (BTB) components of certain high-end Intel CPUs, could be exploited by attackers to steal secret keys and other credentials. The researchers explained that the flaw is related to indirect branch prediction, a feature of modern CPUs that helps speed up calculations by pre-loading commonly used instructions before execution.
The vulnerability, similar to the Spectre and Meltdown vulnerabilities previously disclosed, involves manipulating built-in components of the CPUs to access memory storage that would normally be blocked for a program. This particular flaw is said to affect the Raptor Lake and Alder Lake series of Intel CPUs. The researchers, including Hosein Yavarzadeh, Luyi Li, and Dean Tullsen, indicated that exploiting this vulnerability could be done relatively quickly, with just about a minute of clock time or 30 minutes of computing time needed.
Yavarzadeh highlighted that an attacker could use this vulnerability to jump to an arbitrary location and potentially leak sensitive information, as there is one branch prediction unit per core on the CPU. However, despite the potential risks, Intel has downplayed the severity of the vulnerability, stating that their processors are already protected against such attacks. According to Intel, previous mitigation guidelines for issues like IBRS, eIBRS, and BHI are effective against this new research, and no additional mitigations are necessary as of now.
In conclusion, the discovery of this new side-channel vulnerability in Intel processors underscores the ongoing challenges in ensuring the security of modern CPUs and the importance of promptly addressing potential threats to sensitive data. While the researchers have identified a specific issue in certain Intel CPUs, it is reassuring to hear that Intel believes their existing mitigations are sufficient to protect users against this particular vulnerability. However, it serves as a reminder of the constant vigilance required in the ever-evolving landscape of cybersecurity to stay ahead of potential threats and protect valuable information from falling into the wrong hands.
Article Source
https://www.scmagazine.com/news/intel-dismisses-reported-side-channel-vulnerability-in-cpu-cores