Cybersecurity News

New Exploit Bypasses Existing Spectre-V2 Mitigations in Intel, AMD, Arm CPUs

Researchers have disclosed a new technique that could be used to circumvent existing hardware mitigations in modern processors from Intel, AMD, and Arm and stage speculative execution attacks such as Spectre to leak sensitive information from host memory.

Attacks like Spectre are designed to break the isolation between different applications by taking advantage of an optimization technique called speculative execution in CPU hardware implementations to trick programs into accessing arbitrary locations in memory and thus leak their secrets.

Called Branch History Injection, it’s a new variant of Spectre-V2 attacks that bypasses both eIBRS and CSV2, with the researchers describing it as a “Neat end-to-end exploit” leaking arbitrary kernel memory on modern Intel CPUs.

“The hardware mitigations do prevent the unprivileged attacker from injecting predictor entries for the kernel,” the researchers explained.

BHI is likely to impact all Intel and Arm CPUs that were previously affected by Spectre-V2, prompting both companies to release software updates to remediate the issue.

“The mitigations work as intended, but the residual attack surface is much more significant than vendors originally assumed,” the researchers said.

Stay on Top of Cyber Threats!
Subscribe to our monthly bulletin to stay updated on major cybersecurity risks.

Recent Cybersecurity News

Tell us about your needs.
Get an answer the same business day.

Tell us about your needs.
Get an answer the same business day.

Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.

What happens next:

  • We reach out to learn about your objectives
  • We work together to define your project's scope
  • You get an all-inclusive, no engagement proposal

No engagement. We answer within 24h.
Scroll to Top

BOOK A MEETING WITH AN EXPERT

Enter Your Corporate Email