VUSec security research group and Intel have recently released another Spectre-class speculative execution vulnerability called branch history injection (BHI). The new vulnerability impacts all Intel systems launched during the last couple of years as well as certain Arm processors used in smartphones. Intel processors affected include the recently introduced 12th Gen Core Alder Lake CPUs. However, fortunately, AMD chips have not shown any impact from the vulnerability, as of now.
How it Works
BHI is a proof-of-concept attack affecting vulnerable CPUs open to Spectre V2 exploits. BHI avoids the Intel Enhanced Indirect Branch Restricted Speculation (EIBRS) and the Arm ID_PFR0_EL1 CSV2 assignment. VUSec further reports that BHI enables cross-privilege Spectre-v2 exploits, allowing kernel-to-kernel exploits and permitting attackers to place predictor entries into the global branch prediction history, making kernel leak data such as passwords.
Arm cores, such as the company’s Cortex A15, A57, A72, Neoverse V1, N1, and N2, are reported to be affected. As per the reports, the company is working to introduce five mitigations for their affected core series. It is, however, currently unknown whether the custom series, such as the cores from Qualcomm using Arm’s technology, are affected by the exploit.
Linux systems have received mitigations for Spectre-BHB / BHI on Intel & Arm-based systems. They further came with added security protocols for AMD systems that could potentially be affected.
However, client and server machines would not be impacted as long as the devices have the patches from the two companies installed. For now, the impact mitigations will have on the performance of affected devices is not entirely known.
