A new security flaw called “Indirector” has been discovered by researchers at the University of California, San Diego, affecting 12th, 13th, and 14th generation Intel processors. This vulnerability, similar to previous threats like Spectre, Collapse, and Drop, can lead to the leakage of sensitive information from processors. The attack targets the indirect branch indicator (IBI) in modern Intel CPUs, using branch target injection to manipulate where important information is sent.
The study also uncovers previously undisclosed details about the operation of the indirect branch predictor, branch target buffer, and Intel security measures such as IBPB, IBRS, and STIBP. Through reverse engineering, new vulnerabilities in these processes have been identified. By inserting a multi-target address path into the IBP or kicking the targeted user out of the IBP, attackers could potentially expose sensitive data through a BTB injection attack.
While a more aggressive implementation of IBPB could potentially mitigate the flaw, it may come with significant performance penalties. The researchers recommend that Intel enhance security in other areas in future designs to better protect against such vulnerabilities. Intel has stated that its existing countermeasures are effective against Indirector and will not be issuing additional mitigations.
The discovery of Indirector means that all modern Intel processors are now susceptible to at least one known exploit. This adds to the existing vulnerabilities such as Spectre, Meltdown, and Downfall that have plagued Intel processors over the years. Users running CPU-intensive processes like games and productivity software on high-end 13th and 14th generation Intel chips have reported experiencing issues with Indirector, for which Intel has yet to find a permanent solution. In the meantime, affected users have been advised to reduce the voltage on their CPUs.
It remains to be seen whether Intel will be able to address these current issues or prevent similar vulnerabilities in future generations like Arrow Lake and Panther Lake. The researchers behind the discovery of Indirector plan to provide more information at the USENIX Security Symposium in August. This ongoing battle against hardware vulnerabilities highlights the importance of continuously improving security measures to safeguard sensitive data on computer systems.
Article Source
https://www.techspot.com/news/103666-new-intel-cpu-vulnerability-discovered-no-new-mitigations.html
