SoylentNews

An Anonymous Coward writes:

ETH Zurich boffins exploit branch prediction race condition to steal info from memory, fixes have mild perf hit

by Thomas Claburn // Tue 13 May 2025

Researchers at ETH Zurich in Switzerland have found a way around Intel's defenses against Spectre [theregister.com], a family of data-leaking flaws in the x86 giant's processor designs that simply won't die.

Sandro Rüegge, Johannes Wikner, and Kaveh Razavi have identified a class of security vulnerabilities they're calling Branch Predictor Race Conditions (BPRC), which they describe in a paper [PDF] [comsec.ethz.ch] scheduled to be presented at USENIX Security 2025 and Black Hat USA 2025 later this year.

Spectre refers to a set of hardware-level processor vulnerabilities identified in 2018 that can be used to break the security isolation between software. It does this by exploiting speculative execution - a performance optimization technique that involves the CPU anticipating future code paths (also known as branch prediction) and executing down those paths before they're actually needed.

In practice, this all means malware running on a machine, or a rogue logged-in user, can potentially abuse Spectre flaws within vulnerable Intel processors to snoop on and steal data – such as passwords, keys, and other secrets – from other running programs or even from the kernel, the heart of the operating system itself, or from adjacent virtual machines on a host, depending on the circumstances. In terms of real-world risk, we haven't seen the Spectre family exploited publicly in a significant way, yet.

There are several Spectre variants. One of these, Spectre v2, enables an attacker to manipulate indirect branch predictions across different privilege modes to read arbitrary memory; it effectively allows a malicious program to extract secrets from the kernel and other running applications.

Intel has added various hardware-based defenses against these sorts of attacks over the years, which include Indirect Branch Restricted Speculation (IBRS/eIBRS [intel.com]) for restricting indirect branch target prediction, a sanitizing technique called Indirect Branch Predictor Barrier (IBPB [intel.com]), and other microarchitectural speculation controls.

eIBRS, the researchers explain, is designed to restrict indirect branch predictions to their originating privilege domain, preventing them from leaking across boundaries. Additional protection provided by IBPB is recommended in scenarios where different execution contexts, like untrusted virtual machines (VMs), share the same privilege level and hardware domain.

But Rüegge, Wikner, and Razavi found that branch predictors on Intel processors are updated asynchronously inside the processor pipeline, meaning there are potential race conditions – situations when two or more processes or threads attempt to access and update the same information concurrently, resulting in unpredictable behavior.

The researchers found they can exploit situations where a processor switches privilege levels, such as from user to kernel, while branch predictor updates are still in flight. This misalignment allows predictions to be incorrectly tagged with elevated privileges. They use this behavior to craft a new Spectre v2 attack vector, dubbed Branch Privilege Injection (BPI), which allows unprivileged code to inject branch predictions misclassified as kernel-level.

"BPI enables the classical Spectre v2 attack despite the eIBRS mitigation that was supposed to stop Spectre v2," Kaveh Razavi, assistant professor at ETH Zurich, told The Register. "Spectre v2 can leak information across different security boundaries."

Razavi said there are several possible attack scenarios.

"You could start a VM in your favorite cloud and this VM could then leak information from the hypervisor, including information that belongs to other VMs owned by other customers," he explained.

"While such attacks are in theory possible, and we have shown that BPI enables such attacks, our particular exploit leaks information in the user-to-kernel scenario. In such a scenario, the attacker runs inside an unprivileged user process (instead of a VM), and leaks information from the OS (instead of the hypervisor)."

Essentially, BPI allows the attacker to inject branch predictions tagged with elevated privileges in user mode, which ignores the security guarantees of eIBRS and IBPB. Thereafter, a Spectre v2 attack (sometimes called Branch Target Injection, or BTI) can be carried out to gain access to sensitive data in memory.

Intel has released a microcode update to address the flaw. The chipmaker's advisory [intel.com], issued Tuesday, resolves BPI, a vulnerability (CVE-2024-45332) that Intel calls Indirect Branch Predictor Delayed Updates.

All Intel x86 chips since the 9th generation (Coffee Lake Refresh) are affected, the researchers say, noting that they've seen some impact going back to 7th generation (Kaby Lake) processors.

"We appreciate the work done by ETH Zurich on this research and collaboration on coordinated public disclosure," an Intel spokesperson told The Register in a statement. "Intel is strengthening its Spectre v2 hardware mitigations and recommends customers contact their system manufacturer for the appropriate update. To date, Intel is not aware of any real-world exploits of transient execution vulnerabilities."

In terms of the performance impact of the patch, Intel [intel.com] says, "performance tests conclude that standard benchmarks are within normal run-to-run variation."

The researchers report more specific performance impact. "Our performance evaluation shows up to 2.7 percent overhead for the microcode mitigation on Alder Lake. We have also evaluated several potential alternative mitigation strategies in software with overheads between 1.6 percent (Coffee Lake Refresh) and 8.3 percent (Rocket Lake)."

Intel did not immediately respond to a request to clarify whether it considers the performance hit reported by the researchers to be within normal benchmark variation.

Though the proof-of-concept attack was created on Linux, any operating system running affected Intel chips could potentially be exploited through BPI. AMD and ARM chips are not affected.

Razavi said Spectre-related flaws are likely to continue to haunt us for a while – which El Reg did warn about [theregister.com] back in 2018.

"Speculative execution is quite fundamental in how we build high-performance CPUs, so as long as we build CPUs this way, there is always a chance for such vulnerabilities to happen," he said. "That said, CPU vendors are now more aware of these issues and hopefully also more careful when introducing new designs and new features.

"Furthermore, while much more work still needs to be done, there is some progress in building the necessary tooling for detecting such issues. Once we have better tooling, it becomes easier to find and fix these issues pre-silicon. To summarize, things should hopefully slowly get better, but we are not there yet." ®

Of note: Security experts have discovered new Intel Spectre vulnerabilities [ghacks.net]

Original Submission