Security researchers have disclosed a new vulnerability in modern Intel CPUs, including the Raptor Lake and Alder Lake generations, that could let an attacker leak sensitive data from the processor. The attack, named "Indirector" and described by researchers Luyi Li, Hosein Yavarzadeh, and Dean Tullsen, exploits weaknesses in the Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB) to bypass existing defenses and compromise CPU security.
The IBP is a hardware component in modern CPUs that predicts the target addresses of indirect branches: control-flow instructions (for example, a jump or call through a register or memory location) whose destination is computed at runtime, which makes them hard to predict accurately. By leveraging weaknesses in the IBP, an attacker can mount precise Branch Target Injection (BTI) attacks, also known as Spectre v2 (CVE-2017-5715): the attacker trains the predictor so that a victim's indirect branch speculatively jumps to an attacker-chosen gadget, and the gadget's memory accesses leave traces in a side channel (typically the cache) that disclose information the attacker should not be able to read.
A custom tool called iBranch Locator is used to locate indirect branches and then perform precise, targeted injections into the IBP and BTB to steer speculative execution. Intel was made aware of the findings in February 2024 and has informed other affected hardware and software vendors; Intel's response was that its existing mitigation guidance (IBRS, eIBRS and the BHI mitigations) is effective against this research and that no new mitigations are required. The researchers' proposed mitigations are to use the Indirect Branch Prediction Barrier (IBPB) more aggressively and to harden the Branch Prediction Unit (BPU) design with more complex tags, encryption, and randomization.
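The practical first question after a BTI disclosure is what the running kernel already does about indirect-branch prediction, in particular whether IBPB is issued unconditionally or only for tasks that opt in. The script below is an added example, not code from the article or from the Indirector researchers; it parses the one-line status Linux exposes in /sys/devices/system/cpu/vulnerabilities/spectre_v2 together with the branch-prediction feature flags in /proc/cpuinfo, and flags a configuration where IBPB is not always-on. The assumptions are that those two files and their formats are the ones mainline Linux uses; the SAMPLE_* strings are constructed for offline use and are not captured from a real machine. Note that the kernel's "always-on" IBPB is a per-context-switch barrier; it is one lever in the direction the researchers recommend, not the predictor redesign they propose.

```python
"""Report the Spectre v2 / BTI mitigation state a Linux kernel exposes.

Added example (not from the original article or the Indirector researchers).
Assumptions: the sysfs file and its "Mitigation: a; b; c" line format are
the ones mainline Linux uses, and the feature-flag names are those printed
in /proc/cpuinfo. SAMPLE_* are constructed inputs, not captured data.
"""
from pathlib import Path

SYSFS_SPECTRE_V2 = Path("/sys/devices/system/cpu/vulnerabilities/spectre_v2")
PROC_CPUINFO = Path("/proc/cpuinfo")

# Constructed sample inputs, shaped like the real files.
SAMPLE_STATUS = ("Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; "
                 "RSB filling; PBRSB-eIBRS: SW sequence; BHI: BHI_DIS_S")
SAMPLE_CPUINFO = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "model name\t: constructed sample\n"
    "flags\t\t: fpu vme de pse sse2 ibrs ibpb stibp ibrs_enhanced arch_capabilities\n"
)

# Hardware controls for indirect-branch prediction as the kernel names them.
BP_FLAGS = ("ibrs", "ibpb", "stibp", "ibrs_enhanced")


def parse_spectre_v2(status):
    """Split the kernel's one-line status into state, mechanism and options.

    Input shapes: "Not affected", "Vulnerable", "Vulnerable: <reason>", or
    "Mitigation: Retpolines; IBPB: conditional; STIBP: disabled; ...".
    """
    status = status.strip()
    head, sep, rest = status.partition(":")
    parts = [p.strip() for p in rest.split(";") if p.strip()] if sep else []
    info = {"raw": status, "state": head.strip(), "components": parts,
            "mechanism": None, "ibpb": None, "stibp": None}
    if info["state"] == "Mitigation" and parts:
        info["mechanism"] = parts[0]   # e.g. "Retpolines" or "Enhanced / Automatic IBRS"
    for part in parts:
        key, has_val, val = part.partition(":")
        if has_val and key.strip() == "IBPB":
            info["ibpb"] = val.strip()   # "always-on", "conditional" or "disabled"
        elif has_val and key.strip() == "STIBP":
            info["stibp"] = val.strip()
    return info


def cpu_flags(cpuinfo_text):
    """Return the feature flags of the first CPU listed in /proc/cpuinfo text."""
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            return set(line.split(":", 1)[1].split())
    return set()


def assess(info, flags):
    """Return a list of findings; an empty list means nothing to flag."""
    findings = []
    if info["state"] == "Not affected":
        return findings
    if info["state"] != "Mitigation":
        findings.append("kernel does not report a mitigation: " + info["raw"])
        return findings
    missing = [f for f in BP_FLAGS if f not in flags]
    if missing:
        findings.append("CPU/microcode does not advertise: " + ", ".join(missing))
    if info["ibpb"] is None:
        findings.append("no IBPB component in the mitigation line")
    elif info["ibpb"] != "always-on":
        # Conditional IBPB flushes indirect predictions only when switching to a
        # task that requested it (prctl/seccomp); always-on (spectre_v2_user=on)
        # issues the barrier on every switch between address spaces.
        findings.append(f"IBPB is {info['ibpb']}, not always-on")
    return findings


def read_live():
    """Read the real files; returns (status, cpuinfo) or None off Linux."""
    if not SYSFS_SPECTRE_V2.exists():
        return None
    return SYSFS_SPECTRE_V2.read_text(), PROC_CPUINFO.read_text()


if __name__ == "__main__":
    live = read_live()
    status, cpuinfo = live if live else (SAMPLE_STATUS, SAMPLE_CPUINFO)
    info = parse_spectre_v2(status)
    print("status   :", info["raw"])
    print("mechanism:", info["mechanism"], "| IBPB:", info["ibpb"], "| STIBP:", info["stibp"])
    for finding in assess(info, cpu_flags(cpuinfo)):
        print("finding  :", finding)
```

Run it on a Linux host to see the live values; anywhere else it falls back to the constructed sample, which yields a single finding that IBPB is conditional. Whether to move to always-on IBPB is a cost decision (an extra barrier on every address-space switch), so the script only reports, it does not change anything.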
This disclosure follows the finding that Arm CPUs are vulnerable to a speculative execution attack called TIKTAG, which targets the Memory Tagging Extension (MTE) and leaks MTE tags with a high success rate in a matter of seconds. The research team behind TIKTAG identified new code gadgets that leak MTE tags through speculative execution; because the tag is what MTE checks on each memory access, an attacker who learns it can defeat the probabilistic protection MTE is meant to provide, which highlights the need for stronger defenses against this class of attack.
In response, Arm stated that MTE provides a limited set of deterministic defenses and a broader set of probabilistic defenses against specific classes of exploits, but that the probabilistic properties are not designed to be a complete solution against a determined adversary. The ongoing research into hardware security and vulnerability assessment underscores the importance of continuous monitoring and timely updates to mitigate such threats.
Article Source
https://thehackernews.com/2024/07/new-intel-cpu-vulnerability-indirector.html