TechRadar
Sead Fadilpašić

Intel still vulnerable to Spectre data-leak vulnerabilities, researchers say


  • Researchers from ETH Zurich found a way around Spectre mitigations on Intel
  • The chipmaker released a microcode patch
  • ARM and AMD chips are not affected this time

Spectre, a series of chip vulnerabilities affecting pretty much all processors today, doesn’t seem to go away, despite multiple vendor efforts to contain and remedy the flaws.

Recently, security researchers at ETH Zurich published a new paper, claiming to have found a way around the protections released by Intel.

Sandro Rüegge, Johannes Wikner, and Kaveh Razavi, the researchers behind the paper, named the vulnerabilities Branch Prediction Race Conditions (BPRC), and claim they only work on Intel’s products (all Intel CPUs since the 9th generation, Coffee Lake Refresh, as well as other chips dating back to the 7th generation, Kaby Lake). AMD and ARM seem to have dodged this bullet, at least for now.

Slow updates

Spectre and Meltdown were two enormous vulnerabilities that were first spotted in 2018, and which were so severe that they had most OEMs scrambling for a fix. Some fixes were so poorly implemented that they bricked entire devices, while others were “just” slowing the computers down.

At one point, Intel introduced Indirect Branch Restricted Speculation (IBRS/eIBRS) and Indirect Branch Predictor Barrier (IBPB) as two techniques to control speculation and mitigate the risk.

This is apparently where the new flaw lies. Branch predictions update slowly and asynchronously (in the background, not instantly). This delay creates a race condition, which means that the CPU is still updating its internal branch prediction data from earlier code while switching to a different privilege level (from user mode to kernel mode, for example).

This timing means that predictions from user code can be mislabeled as coming from kernel mode, allowing the attacker to inject their own predictions. As a result, threat actors could pull sensitive data, such as passwords, from the vulnerable device.

Intel has released a microcode update to address the flaw, The Register reports. The chipmaker's advisory, issued Tuesday, labeled the vulnerability as CVE-2024-45332.
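Because the fix ships as microcode, a Linux host needs two checks: that the kernel reports IBRS/eIBRS and IBPB as active, and that the loaded microcode revision is at least the one Intel lists for that CPU. The script below is an added example, not code from the researchers or Intel; it parses the text of `/proc/cpuinfo` and `/sys/devices/system/cpu/vulnerabilities/spectre_v2`, and the sample inputs and the `0xf4` threshold are constructed placeholders.

```python
import re

# Constructed sample inputs for illustration; not captured from a real host.
SAMPLE_CPUINFO = "vendor_id\t: GenuineIntel\ncpu family\t: 6\nmicrocode\t: 0xf0\n\nprocessor\t: 1\n"
SAMPLE_SPECTRE_V2 = "Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling\n"

def parse_cpuinfo(text):
    """Return (vendor, microcode revision) of the first CPU in /proc/cpuinfo text."""
    fields = {}
    for line in text.splitlines():
        if not line.strip():
            break  # a blank line ends the first processor's block
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields.get("vendor_id", ""), int(fields.get("microcode", "0"), 16)

def parse_spectre_v2(text):
    """Split the sysfs status line into (state, [components])."""
    state, _, detail = text.strip().partition(":")
    # Kernels have separated components with either ';' or ','.
    return state.strip(), [p.strip() for p in re.split(r"[;,]", detail) if p.strip()]

def assess(cpuinfo_text, spectre_v2_text, min_microcode):
    """Return a list of findings; an empty list means every check passed."""
    vendor, microcode = parse_cpuinfo(cpuinfo_text)
    if vendor != "GenuineIntel":
        return []  # the article reports only Intel CPUs as affected
    state, parts = parse_spectre_v2(spectre_v2_text)
    findings = []
    if state != "Mitigation":
        findings.append(f"spectre_v2 state is {state!r}")
    # \b keeps "IBRS_FW" and "PBRSB-eIBRS" from counting as IBRS being active.
    if not any(re.search(r"\bIBRS\b", p) for p in parts):
        findings.append("IBRS/eIBRS not reported")
    if not any(p.startswith("IBPB") and "disabled" not in p for p in parts):
        findings.append("IBPB not reported as enabled")
    if microcode < min_microcode:
        findings.append(f"microcode {microcode:#x} older than required {min_microcode:#x}")
    return findings

if __name__ == "__main__":
    # 0xf4 is a constructed threshold; take the real one from Intel's advisory.
    for finding in assess(SAMPLE_CPUINFO, SAMPLE_SPECTRE_V2, min_microcode=0xF4):
        print("FINDING:", finding)
```

On a real host, pass the contents of the two files and the per-model minimum revision from Intel's microcode guidance in place of the samples.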

Via The Register
