Perfectly implemented safeguards undermined: Spectre attacks are back

"Training Solo" turns Intel's and ARM's CPU protection mechanisms against Spectre attacks around. To do so, the attackers trick the kernel, for example, into training its own branch predictor.

[Image: Intel Core Ultra 200S in a motherboard] (Image: heise online / mma)

Current protection mechanisms do not always protect against Spectre-like side-channel attacks on processors, even if they are perfectly implemented and seal off different domains from each other. This is the conclusion reached by researchers from the Systems and Network Security Group at the Vrije Universiteit Amsterdam (VUSec).

Based on Spectre v2, they present the Training Solo attack vector: an attacker (such as an unprivileged user on the same system) can trick the victim (such as the kernel) into training itself. A branch prediction influenced in this way makes it possible to read out data.

Previously, Spectre-type attacks worked across domains: an application in user space, for example, could influence the branch prediction in the kernel. Protection mechanisms such as Intel's Indirect Branch Restricted Speculation (IBRS) prevent processes from influencing each other across domain boundaries. Training Solo circumvents this restriction by training within a single domain.

Up to now, Spectre attacks have run across domains. Training Solo, on the other hand, encourages the kernel to train itself.

(Image: Sander Wiebing, Cristiano Giuffrida, VUSec)

Because such attacks require physical access to the system, their severity is only classified as "Medium" in the Common Vulnerabilities and Exposures (CVE) system. Training Solo covers the identifiers CVE-2024-28956, CVE-2025-24495 and CVE-2025-20012.

So far, VUSec has developed three attack types within the Training Solo family. A history-based attack injects entries into the indirect Branch Target Buffer (iBTB). As soon as a branch prediction hits an injected entry, data can be read out. The 1.7 KByte/s achieved in this way is sufficient for passwords or text snippets, for example.

If history-based prediction is deactivated in the branch predictor, Training Solo targets the instruction pointer (IP) instead. The researchers force collisions between branch addresses in the predictor's cache, so that two branches are trained together and thus influence each other.

Surprisingly, the third variant enables classic Spectre v2 attacks, which are supposed to be patched. In addition, the VUSec researchers disprove a previous assumption: on Intel processors, direct branches can influence the prediction of indirect branches. As an example, a jmp instruction (unconditional jump) is listed that can jump to a je (jump-if-equal). This drastically increases the attack surface for self-training attacks, so that data can be read out at 17 KByte/s. Intel calls this new attack Indirect Target Selection (ITS).

Training Solo comprises three attack variants. The third even enables classic Spectre attacks on systems that are supposedly patched.

(Image: Sander Wiebing, Cristiano Giuffrida, VUSec)

According to current knowledge, all three types affect Intel x86 processors as well as ARM models. In the case of Intel, this also includes the current Core Ultra 200 (Arrow Lake and Lunar Lake); ARM has not yet listed any affected architectures.


AMD's Ryzen and Epyc processors are said not to be affected because the Automatic IBRS (Indirect Branch Restricted Speculation) protection mechanism completely disables speculative execution of predicted indirect branches.

Intel is distributing microcode updates that, among other things, improve the Indirect Branch Predictor Barrier (IBPB). Kernel-level patches have been released for Linux.
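As an added example that is not part of the heise article or of VUSec's work, the following POSIX shell script shows how an administrator can check whether a Linux kernel reports the Spectre v2 and ITS mitigations as active. It reads the kernel's sysfs vulnerability status files; the entry name `indirect_target_selection` is assumed to be the one added by the kernel's ITS mitigation patches, and older kernels simply will not have it. The sample status lines used in the self-test are constructed, not captured from a real machine.

```shell
#!/bin/sh
# Added example (not from heise or VUSec): read the Linux sysfs status files
# for the Spectre v2 and Indirect Target Selection (ITS) mitigations.
# VULN_DIR can be overridden to point at a test directory.
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# classify_status: map one sysfs status line to a one-word verdict.
# The kernel writes lines such as "Not affected", "Mitigation: ..." or
# "Vulnerable" / "Vulnerable: ..." into these files.
classify_status() {
    case "$1" in
        "Not affected"*)  echo "not-affected" ;;
        "Mitigation:"*)   echo "mitigated" ;;
        "Vulnerable"*)    echo "vulnerable" ;;
        *)                echo "unknown" ;;
    esac
}

# report_file: print "<name>: <verdict> (<raw line>)" for one sysfs entry.
# Returns 1 only when the kernel explicitly reports the CPU as vulnerable;
# a missing file is reported as unknown (kernel may predate the mitigation).
report_file() {
    name=$1
    f="$VULN_DIR/$name"
    if [ ! -r "$f" ]; then
        echo "$name: unknown (no such sysfs entry on this kernel)"
        return 0
    fi
    line=$(cat "$f")
    verdict=$(classify_status "$line")
    echo "$name: $verdict ($line)"
    [ "$verdict" != "vulnerable" ]
}

# check_all: report the entries relevant to this article; the exit status is
# non-zero if any of them reports "Vulnerable".
check_all() {
    rc=0
    # spectre_v2 is the long-standing entry; indirect_target_selection is
    # assumed to be the entry added by the ITS mitigation patches.
    for n in spectre_v2 indirect_target_selection; do
        report_file "$n" || rc=1
    done
    return $rc
}

check_all || echo "WARNING: at least one entry reports the CPU as vulnerable"
```

Run it as root or any user (the sysfs files are world-readable); a non-zero exit from `check_all` is the signal to schedule the microcode and kernel updates mentioned above. The script only reads the kernel's own assessment, so it cannot tell whether the microcode update itself was applied; `dmesg` or the microcode revision in `/proc/cpuinfo` covers that.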


(mma)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.