Intel’s Spectre Saga Continues: New Flaw BPI Keeps Haunting CPUs
Intel’s defenses against Spectre vulnerabilities have been cleverly bypassed by researchers at ETH Zurich using Branch Predictor Race Conditions. Their discovery, Branch Privilege Injection, exploits asynchronous branch predictor updates to inject unauthorized predictions. Intel’s microcode update aims to address this, but the Spectre saga shows no signs of resting in peace just yet.
Hot Take:
Looks like Intel’s processors have more vulnerabilities than a middle schooler’s self-esteem. The researchers at ETH Zurich have found a way to sneak past Intel’s latest defenses, making Spectre flaws the clingy ex they just can’t shake off. Just when Intel thought it had patched things up, Branch Predictor Race Conditions (BPRC) have entered the chat, turning speculative execution into speculative executioner.
Key Points:
– ETH Zurich researchers have discovered a new class of vulnerabilities called Branch Predictor Race Conditions (BPRC) in Intel processors.
– This discovery allows exploitation of Spectre v2 flaws, despite Intel’s existing defenses like eIBRS and IBPB.
– The new attack vector, Branch Privilege Injection (BPI), can inject branch predictions misclassified as kernel-level, compromising data security.
– Intel has issued a microcode update to address the flaw, affecting all x86 chips since the 9th generation.
– While the fix is in, performance tests show up to a 2.7% overhead, proving that security patches and performance impacts are a match made in silicon heaven.