New Intel CPU vulnerability discovered, no new mitigations planned for "Indirector"

Daniel Sims

In brief: Hardware vulnerabilities like Spectre, Meltdown, and Downfall have dogged Intel processors for years. A newly uncovered variant of Spectre poses a similar threat, but Intel and the researchers behind the discovery believe that strengthening current security measures should adequately guard against the problem.

Recently published research has exposed a security flaw affecting 12th, 13th, and 14th-generation Intel processors. Similar to Spectre, Meltdown, and Downfall, it could cause the processors to leak sensitive information.

Researchers from the University of California San Diego discovered the attack, dubbed "Indirector." It targets the indirect branch predictor (IBP), a critical component of modern Intel CPUs. As a Spectre V2 attack, it uses Branch Target Injection, which steers the processor's speculative execution to a branch target of the attacker's choosing.

Furthermore, the study reveals previously undisclosed information about the workings of the indirect branch predictor, branch target buffer, and Intel security measures like IBPB, IBRS, and STIBP. Reverse engineering has uncovered new vulnerabilities in these processes.

Using a specialized tool, an attacker could inject a multi-target branch path into the IBP, potentially exposing sensitive data. Another method evicts the victim's entries from the IBP and then carries out a BTB injection attack with a similar result.

More aggressive use of IBPB could protect against the flaw but may introduce significant performance penalties. The researchers also suggest that Intel tighten its security in other areas in future designs.

Intel told Tom's Hardware that its existing countermeasures, such as IBRS, eIBRS, and BHI, are effective against Indirector, so it will not issue further mitigations. Intel's website hosts detailed explanations of these systems. The researchers plan to reveal more information at the August USENIX Security Symposium.
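To check which of the countermeasures named above (eIBRS, IBPB, BHI handling) the Linux kernel reports as active on a host, here is an added shell check that is not from the article or the researchers; it reads the kernel's spectre_v2 sysfs status line, and the sample line embedded below is constructed so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the article or the Indirector paper). Reads the Linux
# kernel's spectre_v2 vulnerability status line and reports which mitigation
# tokens it mentions. The sysfs path is the kernel's real interface; the sample
# text at the bottom is constructed for offline use.
SYSFS_SPECTRE_V2=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# Print the raw status line from the given file (defaults to sysfs).
# Prints "unavailable" and returns 1 if the file cannot be read.
spectre_v2_status() {
    f=${1:-$SYSFS_SPECTRE_V2}
    [ -r "$f" ] || { echo unavailable; return 1; }
    tr -d '\n' < "$f"
}

# Print "yes" if the status line mentions the feature token (e.g. IBPB, BHI)
# as a whole word, "no" otherwise. Note "IBRS" does not match inside "eIBRS".
spectre_v2_has() {
    tok=$1; f=${2:-$SYSFS_SPECTRE_V2}
    if spectre_v2_status "$f" | grep -qw -- "$tok"; then echo yes; else echo no; fi
}

# Classify the line: vulnerable, mitigated, notaffected, unavailable or unknown.
spectre_v2_verdict() {
    s=$(spectre_v2_status "${1:-$SYSFS_SPECTRE_V2}") || { echo unavailable; return 0; }
    case $s in
        Vulnerable*)     echo vulnerable ;;
        Mitigation*)     echo mitigated ;;
        "Not affected"*) echo notaffected ;;
        *)               echo unknown ;;
    esac
}

# Constructed sample in the shape of the kernel's line on an eIBRS-capable CPU.
SAMPLE=$(mktemp)
printf 'Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling; BHI: SW loop, KVM: SW loop\n' > "$SAMPLE"
echo "status : $(spectre_v2_status "$SAMPLE")"
for t in IBRS IBPB STIBP BHI; do echo "$t: $(spectre_v2_has "$t" "$SAMPLE")"; done
echo "verdict: $(spectre_v2_verdict "$SAMPLE")"
rm -f "$SAMPLE"
```

Run it without arguments on a real Linux host to read sysfs directly; a "Vulnerable" verdict or a missing IBPB token is the condition worth alerting on.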

With the discovery of Indirector, every modern Intel processor is now vulnerable to at least one known exploit. Spectre has impacted Blue Team's processors released over the last decade (same for AMD and Arm), while Downfall affects consumer CPUs from the 6th through 11th generation. Meanwhile, Meltdown impacts Intel and some Arm systems.

The researchers tested Indirector on Alder Lake and Raptor Lake processors, potentially adding to the issues plaguing the latter. For weeks, users running CPU-intensive processes like games and productivity software have encountered crashes on high-end 13th and 14th-gen Intel chips, and the company has yet to find a permanent solution. In the meantime, Intel instructed affected users to undervolt their CPUs.

Whether Chipzilla can avoid these or similar issues with upcoming generations like Arrow Lake and Panther Lake remains unclear.

Always smart to place the step-by-step attack recipe online. Maybe these guys can be consultants for Indonesia's IT group.

Well, apparently you need a specialised tool; who knows, maybe it's a pencil with a carbon tip. I remember vaguely doing something like that 20-odd years ago to get a more powerful CPU.

I assume you need to be in physical possession of an Intel PC. My take is any PC in a hacker's hands is hackable, if not today, then in a year's time. Same way the first PS6 with no updates will become hackable in the future.
Add in that social methods are probably more productive for targeted PCs.

I've said it before: given all the poorly maintained PCs, old phones etc., the amount of draining from people's bank accounts is incredibly low. So much so that most people just carry on without a care in the world with weak passwords, updating, browser use.
From another article: "Experts recommend several mitigation strategies, including more aggressive use of Intel's IBPB (Indirect Branch Prediction Barrier) feature. However, the performance impact of this solution—up to 50% in some cases—makes it impractical for frequent domain transitions, such as those in browsers and sandboxes"

Ouch. Up to 50% loss of performance? Sounds destructive enough to make people lose interest in any current Intel product.

 
From another article: "Experts recommend several mitigation strategies, including more aggressive use of Intel's IBPB (Indirect Branch Prediction Barrier) feature. However, the performance impact of this solution—up to 50% in some cases—makes it impractical for frequent domain transitions, such as those in browsers and sandboxes"

Ouch. Up to 50% loss of performance ? sounds destructive enough to make people lose interest in any current intel product.

Sounds like server stuff. Anyway, quickly looking, IBPB seems to limit branch prediction quite heavily, so the performance impact is quite big too in some cases.

Meltdown also gave like a 30% performance penalty, but hey, it's Intel, so they just bought more Intel servers.

@Daniel Sims Please fix the news item. AMD is immune to Meltdown because, unlike Intel, it checks if a program actually has rights to access a certain memory area before access (Intel does it afterwards).
Impossible to mitigate, since the quest for top IPC performance can no longer rely heavily on silicon dies alone. Every time chip engineers develop new ways to improve IPC by manipulating how instructions get processed, there will be new possible doors/windows for reverse engineers to exploit. The same applies every time the chip engineers try to close existing doors/windows: new ones emerge.
All those tricks engineers find to speed up IPC end up being a source of vulnerabilities; good old stupid CPUs (predicting nothing) were better in this respect.