The VUSec security research group and Intel recently published branch history injection, a Spectre-class speculative execution vulnerability (BHI).
The new flaw affects all Intel devices released in the last few years, as well as some Arm chips found in cellphones. The recently released 12th Gen Core Alder Lake CPUs are among the impacted Intel processors.
However, AMD chips have so far showed no signs of being affected by the vulnerability.
How It Works
BHI is a proof-of-concept attack that targets vulnerable CPUs that are vulnerable to Spectre V2 exploits. The Intel Enhanced Indirect Branch Restricted Speculation (EIBRS) and the Arm ID PFR0 EL1 CSV2 assignment are avoided by BHI.
According to VUSec, BHI enables cross-privilege Spectre-v2 exploits, allowing kernel-to-kernel exploits and allowing attackers to insert predictor entries into the global branch prediction history, causing kernels to leak data such as passwords.
Arm cores such as the Cortex A15, A57, A72, Neoverse V1, N1, and N2 are said to be affected. According to reports, the company is working on implementing five mitigations for their affected core series.
However, it is currently unknown whether the custom series, such as Qualcomm cores based on Arm’s technology, are affected by the exploit.
On Intel and Arm-based computers, Linux systems have received mitigations for Spectre-BHB / BHI. They also included additional security protocols for AMD systems that could be affected.
Client and server machines, on the other hand, would remain unaffected as long as the fixes from the two firms were implemented.
For the time being, it’s unclear what effect mitigations will have on the performance of affected devices.
To read our blog on “Intel, AMD and ARM have teamed up to make faster CPUs,” click here.
