Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

The Spectre flaw is back — and Intel Alder Lake isn’t safe

Intel CPUs have been subjected to several significant security vulnerabilities in recent years, namely Meltdown and Spectre. Now, the latter has made an appearance once again.

As reported by Tom’s Hardware and Phoronix, security research group VUSec and Intel confirmed the existence of a new speculative execution vulnerability labeled branch history injection (BHI).

An Intel Alder Lake pin layout.
Image used with permission by copyright holder

Classified as a by-product of Spectre V2, BHI is a proof-of-concept exploit capable of leaking arbitrary kernel memory on Intel CPUs. As a result, sensitive data such as passwords can be extracted. Intel processors released in the past few years, which includes its latest 12th-generation Alder Lake processors, are said to be affected.

Certain ARM silicon have also been found to be vulnerable to the exploit. As for AMD CPUs, security researchers initially found that they remain immune to potential BHI attacks. However, there have been some developments in this area that appear to suggest otherwise.

“The LFENCE-based mitigation is deemed no longer sufficient for mitigating Spectre V2 attacks. Now the Linux kernel will use return trampolines “retpolines” by default on all AMD processors,” Phoronix explained. “Various AMD CPUs have already defaulted to using Retpolines for Spectre V2 mitigations, while now it will be the default across the board for AMD processors.”

Vusec provided further insight into how the exploit can find its way through mitigations that are already in place. While hardware mitigations prevent an attacker from injecting predictor entries for the kernel, they can still make use of a global history in order to select target entries to speculatively execute. “And the attacker can poison this history from Userland to force the kernel to mispredict to more “interesting” kernel targets (i.e., gadgets) that leak data,” the report added.

Intel has published a list of CPUs affected by the exploit, confirming that several generations of chips ranging back to 2013 (Haswell) can be infiltrated, including Coffee Lake, Tiger Lake, Ice Lake, and Alder Lake. Ice Lake servers were also mentioned on the list.

Chips from ARM, including Neoverse N2, N1, V1, Cortex A15, A57, and A72, have all been found to be impacted as well. Depending on the system on a chip, the chip designer is issuing five different mitigations.

Intel is expected to release a software patch to address the new Spectre-based BHI exploit. In the interim, the chipmaker provided Phoronix with a statement on BHI in regard to its impact on Linux systems:

“The attack, as demonstrated by researchers, was previously mitigated by default in most Linux distributions. The Linux community has implemented Intel’s recommendations starting in Linux kernel version 5.16 and is in the process of backporting the mitigation to earlier versions of the Linux kernel.”

When Spectre and Meltdown were originally discovered as a CPU vulnerability in 2018, lawsuits began to be filed against Intel, alleging the company knew about the flaws but kept silent about them while still selling the silicon in question. As pointed out by Tom’s Hardware, by mid-February 2018, a total of 32 lawsuits were filed against Team Blue.

Intel recently introduced an expansion of its existing Bug Bounty program with Project Circuit Breaker, an initiative directed toward recruiting “elite hackers.” Discovering bugs in firmware, hypervisors, GPUs, chipsets, and other areas could result in a financial windfall for participants, with payouts potentially reaching the six-figure range.

Editors' Recommendations

Zak Islam
Computing Writer
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
The leaks were wrong — Intel Meteor Lake is coming to desktop
Intel CEO talking about Meteor Lake

For months, industry leaks have seemed to confirm that Intel’s Meteor Lake processors won’t be coming to desktop computers. Now, though, Intel has turned that narrative on its head, with the latest info confirming they’ll be launched on PCs after all.

The new information comes from a PCWorld interview with Michelle Johnston Holthaus, Intel’s executive vice president and general manager of the Client Computing Group. PCWorld spoke to Johnston Holthaus at the Intel Innovation 2023 event and managed to wring some previously unknown tidbits out of the VP.

Read more
Intel’s 14th-gen Raptor Lake refresh might be a major disappointment
Intel Core i5-13600K installed in a motherboard.

An Intel 13th-generation 13600K. Jacob Roach / Digital Trends

We know at this point that Intel doesn't intend to release an entirely new generation for its desktop CPUs this year. The aptly named Raptor Lake refresh is rumored to launch next month at Intel Innovation, but a new leak suggests Intel may not have much to share on the desktop front.

Read more
ASRock may have released a major leak about Intel Raptor Lake
Intel processors next to each other.

As far as rumors go, today's source is pretty unexpected. ASRock penned a post on its Weibo (Chinese social media website) profile, where it seems to have spilled the beans on Intel's rumored Raptor Lake refresh. This includes rough performance estimates and a release date window. Assuming this is all true, will these processors become some of the best CPUs?

ASRock wrote an article (first spotted by ITHome) where it talks about the next-gen Intel CPUs. While it seems to be referring to rumors in the post, ASRock confirms the suggestions that the Raptor Lake refresh will provide a single-core performance uplift of around 4% to 8%, followed by a multi-core boost ranging from 8% to 15%. It's hard to expect a lot more out of an updated lineup of chips as opposed to a brand-new generation, but these figures might make it difficult for it to sell in any great numbers.

Read more