New attack methods work against Spectre mitigations in modern PC CPUs

New Spectre attacks bypass protections in recent Intel and AMD CPUs.

: Researchers at ETH Zurich identified new methods bypassing Spectre mitigations in modern Intel CPUs, specifically the indirect branch predictor barrier (IBPB). Vulnerabilities were found in Intel's 12th-14th gen Core and certain Xeon processors, and in AMD's Zen and Zen 2 implementations. Patch updates for microcode and system software are available, and users are advised to update their systems.

Two researchers from ETH Zurich have developed novel attack strategies that bypass existing Spectre mitigations in Intel and AMD processors. Specifically, they identified vulnerabilities in the indirect branch predictor barrier (IBPB) designed to protect against Spectre v2 (CVE-2017-5715).

The vulnerabilities exist in Intel processors, including the 12th, 13th, and 14th generation Core series and the 5th and 6th generation Xeon processors. AMD's Zen and Zen 2 processors also showed similar flaws, albeit less severe in Zen 3 models. These vulnerabilities could be exploited to leak sensitive information like root passwords.

Intel responded with microcode updates in March 2024, and users are advised to keep their Intel and AMD systems updated. Collaborations with Linux maintainers are ongoing to develop and implement additional software patches, especially for Zen and Zen 2 system owners.