Researchers have disclosed a new technique that could be used to
circumvent existing hardware mitigations in modern processors from
Intel and Arm, and stage speculative execution[1]
attacks such as Spectre to leak sensitive information from host
memory.
Attacks like Spectre[2]
are designed to break the isolation between different applications
by taking advantage of an optimization technique[3]
called speculative execution in CPU hardware implementations to
trick programs into accessing arbitrary locations in memory and
thus leak their secrets.
While chipmakers have incorporated both software and hardware
defenses[4], including Retpoline[5]
as well as safeguards like Enhanced Indirect Branch Restricted
Speculation (eIBRS[6]) and Arm[7]
CSV2[8], the latest method
demonstrated by VUSec researchers aims to get around all of these
protections.
Called Branch History Injection[9] (BHI or Spectre-BHB),
it’s a new variant of Spectre-V2 attacks (tracked as CVE-2017-5715)
that bypasses both eIBRS and CSV2, with the researchers describing
it as a “neat end-to-end exploit” leaking arbitrary kernel memory
on modern Intel CPUs.
“The hardware mitigations do prevent the unprivileged attacker
from injecting predictor entries for the kernel,” the researchers
explained.
“However, the predictor relies on a global history to select the
target entries to speculatively execute. And the attacker can
poison this history from userland to force the kernel to mispredict
to more ‘interesting’ kernel targets (i.e., gadgets) that leak
data,” the Systems and Network Security Group at Vrije Universiteit
Amsterdam added.
Put differently, a piece of malicious code can use the shared
branch history, which is stored in the CPU Branch History Buffer
(BHB), to influence mispredicted branches within the victim’s
hardware context, resulting in speculative execution that can then
be used to infer information that should be inaccessible
otherwise.
BHI is likely to impact all Intel and Arm CPUs that were
previously affected by Spectre-V2, prompting both companies to
release[10] software updates[11] to remediate the issue.
AMD processors, however, are unaffected by the flaw.
Intel is also recommending[12] that customers disable
Linux’s unprivileged extended Berkeley Packet Filters (eBPF[13]), enable both eIBRS and
Supervisor-Mode Execution Prevention (SMEP[14]), and add “LFENCE[15] to specific identified
gadgets that are found to be exploitable.”
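Intel's guidance above translates into two things a Linux administrator can check directly: the kernel's own Spectre-V2 status report under sysfs and whether unprivileged eBPF is still enabled. The script below is an added example written for this article; it is not code from VUSec, Intel or the Linux project. It assumes a Linux host that exposes /sys/devices/system/cpu/vulnerabilities/spectre_v2 and the kernel.unprivileged_bpf_disabled sysctl (readable at /proc/sys/kernel/unprivileged_bpf_disabled, where 0 means unprivileged eBPF is allowed), and the sample status lines it classifies are constructed to follow the kernel's reporting format rather than captured from a real machine.

```shell
#!/bin/sh
# Added example (not from the article, VUSec, Intel or the Linux project):
# a defender-side audit of the two settings Intel's BHI guidance touches.
# Assumptions:
#   /sys/devices/system/cpu/vulnerabilities/spectre_v2   kernel's own status line
#   /proc/sys/kernel/unprivileged_bpf_disabled            0 = unprivileged eBPF allowed
# Any status line the script does not recognise is reported as "unknown"
# so that it gets a manual look instead of being treated as safe.

# classify_spectre_v2 STATUS_LINE UNPRIV_BPF_DISABLED
# Prints one verdict word: vulnerable | ebpf_exposed | mitigated | not_affected | unknown
classify_spectre_v2() {
    status="$1"
    bpf="$2"
    case "$status" in
        Vulnerable*)
            # The kernel itself reports that the active mitigations are insufficient.
            echo vulnerable ;;
        Mitigation*)
            # A mitigation is active; still check whether unprivileged eBPF is
            # enabled, since Intel's guidance is to turn it off alongside eIBRS.
            if [ "$bpf" = "0" ]; then
                echo ebpf_exposed
            else
                echo mitigated
            fi ;;
        "Not affected"*)
            echo not_affected ;;
        *)
            echo unknown ;;
    esac
}

# audit_live_host: read the real values from this machine and classify them.
audit_live_host() {
    sysfs=/sys/devices/system/cpu/vulnerabilities/spectre_v2
    if [ ! -r "$sysfs" ]; then
        echo "unknown (no $sysfs on this host)"
        return 1
    fi
    status=$(cat "$sysfs")
    bpf=$(cat /proc/sys/kernel/unprivileged_bpf_disabled 2>/dev/null || echo "?")
    echo "spectre_v2: $status"
    echo "kernel.unprivileged_bpf_disabled: $bpf"
    echo "verdict: $(classify_spectre_v2 "$status" "$bpf")"
}

# Constructed sample lines (modelled on the kernel's format, not captured from
# a real host) covering the situations an administrator is likely to meet.
SAMPLE_VULN='Vulnerable: eIBRS with unprivileged eBPF'
SAMPLE_MITIG='Mitigation: Enhanced IBRS, IBPB: conditional, RSB filling'
SAMPLE_NA='Not affected'

classify_spectre_v2 "$SAMPLE_VULN" 0    # prints: vulnerable
classify_spectre_v2 "$SAMPLE_MITIG" 0   # prints: ebpf_exposed
classify_spectre_v2 "$SAMPLE_MITIG" 2   # prints: mitigated
classify_spectre_v2 "$SAMPLE_NA" 0      # prints: not_affected
```

Run `audit_live_host` on a real machine to see its own values; the verdict "ebpf_exposed" is the case Intel's advice targets, where the hardware mitigation is on but unprivileged users can still load eBPF programs into the kernel.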
“The [Intel eIBRS and Arm CSV2] mitigations work as intended,
but the residual attack surface is much more significant than
vendors originally assumed,” the researchers said.
“Nevertheless, finding exploitable gadgets is harder than before
since the attacker can’t directly inject predictor targets across
privilege boundaries. That is, the kernel won’t speculatively jump
to arbitrary attacker-provided targets, but will only speculatively
execute valid code snippets it already executed in the past.”
References
1. speculative execution (www.amd.com)
2. Spectre (thehackernews.com)
3. optimization technique (en.wikipedia.org)
4. defenses (blogs.oracle.com)
5. Retpoline (support.google.com)
6. eIBRS (www.intel.com)
7. Arm (developer.arm.com)
8. CSV2 (developer.arm.com)
9. Branch History Injection (www.vusec.net)
10. release (www.intel.com)
11. software updates (developer.arm.com)
12. recommending (www.intel.com)
13. eBPF (thehackernews.com)
14. SMEP (www.intel.com)
15. LFENCE (thehackernews.com)
Read more https://thehackernews.com/2022/03/new-exploit-bypasses-existing-spectre.html