New attack methods work against Spectre mitigations in modern PC CPUs
New Spectre attacks bypass protections in recent Intel and AMD CPUs.
Two researchers from ETH Zurich have developed novel attack strategies that bypass existing Spectre mitigations in Intel and AMD processors. Specifically, they identified vulnerabilities in the indirect branch predictor barrier (IBPB) designed to protect against Spectre v2 (CVE-2017-5715).
The vulnerabilities exist in Intel processors, including the 12th, 13th, and 14th generation Core series and the 5th and 6th generation Xeon processors. AMD's Zen and Zen 2 processors showed similar flaws, and Zen 3 models were affected less severely. These vulnerabilities could be exploited to leak sensitive information such as root passwords.
Intel responded with microcode updates in March 2024, and users are advised to keep their Intel and AMD systems updated. Collaborations with Linux maintainers are ongoing to develop and implement additional software patches, especially for Zen and Zen 2 system owners.
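A defender-side check for the update advice above, added here as an example and not taken from the researchers or the vendors: it reads the Linux kernel's spectre_v2 status line and the per-CPU microcode revisions, then flags a disabled IBPB or mixed revisions across cores. The sample inputs are constructed, and since this page gives no fixed microcode revision, the reported revision still has to be compared against the vendor's advisory.

```python
import re
from pathlib import Path

SPECTRE_V2 = Path("/sys/devices/system/cpu/vulnerabilities/spectre_v2")
CPUINFO = Path("/proc/cpuinfo")

# Constructed sample inputs (not captured from a real machine).
SAMPLE_STATUS = "Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling\n"
SAMPLE_CPUINFO = (
    "processor\t: 0\nmicrocode\t: 0x1a\n\n"
    "processor\t: 1\nmicrocode\t: 0x1a\n"
)

def parse_spectre_v2(text):
    """Split the kernel's spectre_v2 status line into overall state and IBPB mode."""
    line = text.strip()
    if line.startswith("Not affected"):
        state = "not-affected"
    elif line.startswith("Mitigation"):
        state = "mitigated"
    else:
        state = "vulnerable"
    # Kernels separate the fields with "; " or ", " depending on version.
    m = re.search(r"(?:^|[;,])\s*IBPB:\s*([\w-]+)", line)
    return {"state": state, "ibpb": m.group(1) if m else None}

def microcode_revisions(cpuinfo):
    """Return the set of microcode revisions reported across logical CPUs."""
    return set(re.findall(r"^microcode\s*:\s*(\S+)", cpuinfo, re.MULTILINE))

def assess(status_text, cpuinfo_text):
    """Collect findings an operator should follow up on."""
    info = parse_spectre_v2(status_text)
    revs = microcode_revisions(cpuinfo_text)
    findings = []
    if info["state"] == "vulnerable":
        findings.append("spectre_v2 reported as vulnerable")
    if info["state"] != "not-affected" and info["ibpb"] in (None, "disabled"):
        findings.append("IBPB not in use")
    if len(revs) > 1:
        # A partially applied update leaves some cores on old microcode.
        findings.append("mixed microcode revisions: " + ", ".join(sorted(revs)))
    return info, revs, findings

if __name__ == "__main__":
    live = SPECTRE_V2.exists() and CPUINFO.exists()
    status = SPECTRE_V2.read_text() if live else SAMPLE_STATUS
    cpuinfo = CPUINFO.read_text() if live else SAMPLE_CPUINFO
    info, revs, findings = assess(status, cpuinfo)
    print(info, sorted(revs), findings or "no findings")
```

An "IBPB: conditional" or "always-on" result only shows that the kernel issues the barrier; whether the barrier itself is fixed depends on the installed microcode.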