Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

The Spectre flaw is back — and Intel Alder Lake isn’t safe

Intel CPUs have been subjected to several significant security vulnerabilities in recent years, namely Meltdown and Spectre. Now, the latter has made an appearance once again.

As reported by Tom’s Hardware and Phoronix, security research group VUSec and Intel confirmed the existence of a new speculative execution vulnerability labeled branch history injection (BHI).

An Intel Alder Lake pin layout.
Image used with permission by copyright holder

Classified as a by-product of Spectre V2, BHI is a proof-of-concept exploit capable of leaking arbitrary kernel memory on Intel CPUs. As a result, sensitive data such as passwords can be extracted. Intel processors released in the past few years, which includes its latest 12th-generation Alder Lake processors, are said to be affected.

Recommended Videos

Certain ARM silicon have also been found to be vulnerable to the exploit. As for AMD CPUs, security researchers initially found that they remain immune to potential BHI attacks. However, there have been some developments in this area that appear to suggest otherwise.

“The LFENCE-based mitigation is deemed no longer sufficient for mitigating Spectre V2 attacks. Now the Linux kernel will use return trampolines “retpolines” by default on all AMD processors,” Phoronix explained. “Various AMD CPUs have already defaulted to using Retpolines for Spectre V2 mitigations, while now it will be the default across the board for AMD processors.”

Vusec provided further insight into how the exploit can find its way through mitigations that are already in place. While hardware mitigations prevent an attacker from injecting predictor entries for the kernel, they can still make use of a global history in order to select target entries to speculatively execute. “And the attacker can poison this history from Userland to force the kernel to mispredict to more “interesting” kernel targets (i.e., gadgets) that leak data,” the report added.

Intel has published a list of CPUs affected by the exploit, confirming that several generations of chips ranging back to 2013 (Haswell) can be infiltrated, including Coffee Lake, Tiger Lake, Ice Lake, and Alder Lake. Ice Lake servers were also mentioned on the list.

Chips from ARM, including Neoverse N2, N1, V1, Cortex A15, A57, and A72, have all been found to be impacted as well. Depending on the system on a chip, the chip designer is issuing five different mitigations.

Intel is expected to release a software patch to address the new Spectre-based BHI exploit. In the interim, the chipmaker provided Phoronix with a statement on BHI in regard to its impact on Linux systems:

“The attack, as demonstrated by researchers, was previously mitigated by default in most Linux distributions. The Linux community has implemented Intel’s recommendations starting in Linux kernel version 5.16 and is in the process of backporting the mitigation to earlier versions of the Linux kernel.”

When Spectre and Meltdown were originally discovered as a CPU vulnerability in 2018, lawsuits began to be filed against Intel, alleging the company knew about the flaws but kept silent about them while still selling the silicon in question. As pointed out by Tom’s Hardware, by mid-February 2018, a total of 32 lawsuits were filed against Team Blue.

Intel recently introduced an expansion of its existing Bug Bounty program with Project Circuit Breaker, an initiative directed toward recruiting “elite hackers.” Discovering bugs in firmware, hypervisors, GPUs, chipsets, and other areas could result in a financial windfall for participants, with payouts potentially reaching the six-figure range.

Zak Islam
Former Digital Trends Contributor
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
Intel’s CPU lineups might get even more confusing
An Intel Core Ultra Series 2 chip embedded in a piece of glass.

Intel's list of processors constantly grows, and its whole new naming scheme just got even more confusing. Today's leaks imply that Intel might be working on another Raptor Lake refresh, this time under the Core 200 name. That's right -- just Core 200, without the Ultra. We also spotted some more budget-friendly, previously unheard-of Arrow Lake chips.

With Intel Arrow Lake right around the corner and Lunar Lake CPUs freshly out and available, Intel's got a lot going on in the CPU department right now, and there's more to come. Some non-Ultra Core 200 chips appeared in various Business Applications Performance Corporation (BAPCo) benchmarks, including the Core 7 250U, the Core 7 250H, and the Core 5 220H. There's also the Core 7 Ultra 255H, which is likely an upcoming Arrow Lake-H CPU set to appear inside next-gen laptops.

Read more
Intel Arrow Lake gets possible pricing and release date
Intel CEO Pat Gelsinger presents Intel's roadmap including Arrow Lake, Lunar Lake, and Panther Lake.

We haven't even gotten an official release date for Intel Arrow Lake, but the one we know of is already being pushed back. Many leaks pointed to an October 10 release, but now, one source claims that Intel won't launch its next-gen top desktop processors until October 24. This only applies to the K and KF-series CPUs -- the non-K variants won't arrive until much later. We've also gotten a peek at some of the possible pricing.

Fortunately, the delay doesn't appear to be major. According to HKEPC on X (formerly Twitter), the launch of Intel Arrow Lake-S has now been pushed back from October 17 to October 24. This is somewhat inconsistent with previous leaks, but not really -- it appears that Intel had always planned to announce Arrow Lake on October 10, with availability starting on October 17. Now, we might still hear about the CPUs on October 10, but they won't appear on the shelves until two weeks later.

Read more
Intel Lunar Lake CPUs: everything we know about release date, performance, and specs
An Intel Core Ultra Series 2 chip embedded in a piece of glass.

You and I might be hotly anticipating what Intel's next-generation Arrow Lake processors will do later this year, but Intel's mobile-first Lunar Lake may be the more exciting design. It's certainly the one Intel seems more keen to talk about. It released a heap of new information on Lunar Lake, detailing what could be one of Intel's most exciting product launches in years.

It's bringing real efficiency back to its mobile product, and that could give AMD a lot to think about. Here's everything we know about Lunar Lake so far, which are are gunning for a spot in the best laptops.
Lunar Lake specs
Intel revealed some details about Lunar Lake's architecture and design in May 2024, stating that this mobile-first architectural design would be fast, but also incredibly efficient, beating the competition by up to 30% on power draw while offering competitive performance.

Read more