Intel CPU cores remain vulnerable to Spectre data-leaking attacks, say academics at VU Amsterdam.
We’re told mitigations put in place at the software and silicon level by the x86 giant to thwart Spectre-style exploitation of its processors’ speculative execution can be bypassed, allowing malware or rogue users on a vulnerable machine to steal sensitive information – such as passwords and keys – out of kernel memory and other areas of RAM that should be off limits.
The boffins say they have developed a tool called InSpectre Gadget that can find snippets of code, known as gadgets, within an operating system kernel that on vulnerable hardware can be abused to obtain secret data, even on chips that have Spectre protections baked in.
InSpectre Gadget was used, as an example, to find a way to side-step FineIBT, a security feature built into Intel microprocessors intended to limit Spectre-style speculative execution exploitation, and successfully pull off a Native Branch History Injection (Native BHI) attack to steal data from protected kernel memory.
“We show that our tool can not only uncover new (unconventionally) exploitable gadgets in the Linux kernel, but that those gadgets are sufficient to bypass all deployed Intel mitigations,” the VU Amsterdam team said this week. “As a demonstration, we present the first native Spectre-v2 exploit against the Linux kernel on last-generation Intel CPUs, based on the recent BHI variant and able to leak arbitrary kernel memory at 3.5 kB/sec.”
A quick video demonstrating that Native BHI-based attack to grab the /etc/shadow file of usernames and hashed passwords out of RAM on a 13th-gen Intel Core processor is below. We’re told the technique, tagged CVE-2024-2201, will work on any Intel CPU core.
The VU Amsterdam team — Sander Wiebing, Alvise de Faveri Tron, Herbert Bos and Cristiano Giuffrida — have now open sourced InSpectre Gadget, an angr-based analyzer, plus a database of gadgets found for Linux Kernel 6.6-rc4 on GitHub.
“Our efforts led to the discovery of 1,511 Spectre gadgets and 2,105 so-called ‘dispatch gadgets,’” the academics added. “The latter are very useful for an attacker, as they can be used to chain gadgets and direct speculation towards a Spectre gadget.”
These numbers suggest a “nontrivial attack surface,” said the researchers, who pointed to an Intel security advisory that includes updated software-level mitigations for these kinds of Native BHI attacks.
As we understand things, Intel in 2022 addressed BHI attacks with hardware and software-level protections as well as recommendations like not allowing unprivileged eBPF use.
Now an updated exploit, dubbed Native BHI, was developed using InSpectre Gadget that defeats those defense mechanisms, leading to the x86 titan issuing updated advice for developers and patches for the Linux kernel to block exploitation of CVE-2024-2201 – we assume other operating systems will need fixing up, too.
“External academic researchers reported new techniques to identify BHI sequences that could allow a local attacker who can already execute code to possibly infer the contents of Linux kernel memory,” an Intel spokesperson told The Register today.
“Intel has previously shared mitigation guidance for BHI and intra-mode BTI attacks. In light of this new report, Intel is releasing updated guidance to assist in broader deployment of these mitigations.”
AMD and Arm cores are not vulnerable to Native BHI, according to the VU Amsterdam team. AMD has since confirmed this in an advisory
History lesson
InSpectre Gadget, and the related research and Native BHI exploit, builds on the boffins’ earlier work exploiting the Spectre variant BHI.
Spectre emerged in public in early 2018, along the related Meltdown design blunder, which The Register first reported. Over the years various variants of Spectre have been found, prompting engineers to shore up the security around performance-boosting speculative execution units.
After the aforementioned steps were taken to shut down BHI-style attacks, “this mitigation left us with a dangling question: ‘Is finding ‘native’ Spectre gadgets for BHI, ie, not implanted through eBPF, feasible?’” the academics asked.
The short answer is yes. A technical paper [PDF] describing Native BHI is due to be presented at the USENIX Security Symposium.