It appears Specter is still going after Intel and AMD processors after cybersecurity researchers discovered new working speculative execution attacks.
To improve their performance, modern processors try to “guess” which tasks to perform next. Speculative execution attacks exploit this mechanism to trick the computer into leaking private information, such as passwords or other sensitive data, while the computer is operating based on incorrect guesses in advance.
The most popular attack was called Specter and was first observed in early 2018, along with a sister vulnerability called Meltdown. At the time, it was said that most computers were vulnerable to Specter and Meltdown, and the subsequent rush to fix the bugs created an even bigger mess, resulting in some computers breaking down completely.
8BASE and Everest
Cybersecurity researchers Johannes Wikner and Kaveh Razavi from ETH Zurich now claim that years after Specter, there are several similar attacks that can bypass existing defenses.
These include two methods that run on Linux and affect a wide range of Intel processors (the 12th, 13th, and 14th Intel chip generations for consumers, and the 5th and 6th generations of Xeon processors for servers), and many AMD chips (Zen 1 , Zen1+, Zen2).
The attacks undermine the Indirect Branch Predictor Barrier (IBPB) on x86 processors, it was explained. IBP plays a crucial role in defending against speculative execution attacks.
Meanwhile, the researchers have notified both Intel and AMD of their findings, and both companies have acknowledged the existence of the vulnerabilities. Both even said that they had already discovered them and are working on a solution. Intel is tracking it as CVE-2023-38575 and AMD is tracking it as CVE-2022-23824. Intel fixed the issue with a firmware update released in March, but according to BleepingComputer the fix hasn’t reached all operating systems yet.
Via BleepingComputer