Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

The Spectre flaw is back — and Intel Alder Lake isn’t safe

Intel CPUs have been subjected to several significant security vulnerabilities in recent years, namely Meltdown and Spectre. Now, the latter has made an appearance once again.

As reported by Tom’s Hardware and Phoronix, security research group VUSec and Intel confirmed the existence of a new speculative execution vulnerability labeled branch history injection (BHI).

An Intel Alder Lake pin layout.

Classified as a by-product of Spectre V2, BHI is a proof-of-concept exploit capable of leaking arbitrary kernel memory on Intel CPUs. As a result, sensitive data such as passwords can be extracted. Intel processors released in the past few years, which includes its latest 12th-generation Alder Lake processors, are said to be affected.

Certain ARM silicon have also been found to be vulnerable to the exploit. As for AMD CPUs, security researchers initially found that they remain immune to potential BHI attacks. However, there have been some developments in this area that appear to suggest otherwise.

“The LFENCE-based mitigation is deemed no longer sufficient for mitigating Spectre V2 attacks. Now the Linux kernel will use return trampolines “retpolines” by default on all AMD processors,” Phoronix explained. “Various AMD CPUs have already defaulted to using Retpolines for Spectre V2 mitigations, while now it will be the default across the board for AMD processors.”

Vusec provided further insight into how the exploit can find its way through mitigations that are already in place. While hardware mitigations prevent an attacker from injecting predictor entries for the kernel, they can still make use of a global history in order to select target entries to speculatively execute. “And the attacker can poison this history from Userland to force the kernel to mispredict to more “interesting” kernel targets (i.e., gadgets) that leak data,” the report added.

Intel has published a list of CPUs affected by the exploit, confirming that several generations of chips ranging back to 2013 (Haswell) can be infiltrated, including Coffee Lake, Tiger Lake, Ice Lake, and Alder Lake. Ice Lake servers were also mentioned on the list.

Chips from ARM, including Neoverse N2, N1, V1, Cortex A15, A57, and A72, have all been found to be impacted as well. Depending on the system on a chip, the chip designer is issuing five different mitigations.

Intel is expected to release a software patch to address the new Spectre-based BHI exploit. In the interim, the chipmaker provided Phoronix with a statement on BHI in regard to its impact on Linux systems:

“The attack, as demonstrated by researchers, was previously mitigated by default in most Linux distributions. The Linux community has implemented Intel’s recommendations starting in Linux kernel version 5.16 and is in the process of backporting the mitigation to earlier versions of the Linux kernel.”

When Spectre and Meltdown were originally discovered as a CPU vulnerability in 2018, lawsuits began to be filed against Intel, alleging the company knew about the flaws but kept silent about them while still selling the silicon in question. As pointed out by Tom’s Hardware, by mid-February 2018, a total of 32 lawsuits were filed against Team Blue.

Intel recently introduced an expansion of its existing Bug Bounty program with Project Circuit Breaker, an initiative directed toward recruiting “elite hackers.” Discovering bugs in firmware, hypervisors, GPUs, chipsets, and other areas could result in a financial windfall for participants, with payouts potentially reaching the six-figure range.

Editors' Recommendations

Zak Islam
Computing Writer
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
Intel 13th-gen Raptor Lake arrives just in time to hit back at AMD
Intel's CEO holding a Raptor Lake processor.

Intel today revealed its 13th-gen Raptor Lake processors during its Innovation 2022 event, heating up the already hot battle between AMD and Intel. Although these new chips share a lot with the previous generation under the hood, Intel is promising more cores, higher clock speeds, and performance that will catapult 13th-gen chips to the top of the best CPU rankings.

Before digging in, here's a quick look at specs for the three Raptor Lake processors coming. Some specs are official, while others have been compiled from specs posted by Intel a couple of weeks back (though not confirmed).

Read more
How to watch Intel’s 13th-gen Raptor Lake launch today (and what to expect)
The Intel Core i9-12900KS box sitting in front of a gaming PC.

The upcoming CPU showdown between Intel and AMD is nearly here as Intel is rumored to announce its next-generation Raptor Lake CPUs in just a few short days. Here's how you can watch Intel's event live and what to expect.
How to watch the Intel 13th-gen Raptor Lake launch

Intel CEO Pat Gelsinger will deliver the Intel Innovation 2022 keynote alongside the company's CTO Greg Lavender and Landing AI CEO Dr. Andrew Ng. The presentation starts at 9 a.m. PT on Tuesday, September 27, and it will be streamed on Intel's own Innovation 2022 webpage.

Read more
Intel accidentally leaks Raptor Lake specs, with one major surprise
Intel unveils the 12th Gen Intel Core processor

Intel has just accidentally revealed the full and official specifications of its upcoming Raptor Lake processors. The leak includes three of the most popular CPUs and confirms a lot of the previous rumors.

However, there is one change compared to the leaks we've seen so far, and that's the performance core boost clock. This is not a change for the better, though.

Read more