Researchers discover new flaws in Intel CPUs that enable memory leaks and Spectre v2 attacks
The VUSec cybersecurity group at VU Amsterdam University has unveiled a new attack exploiting Spectre v2, a variant of the Spectre vulnerability, against Linux systems running on Intel processors. VUSec presented a native Spectre v2 exploit against the Linux kernel that achieves a memory leak on newer Intel processors. Despite the multiple mitigations introduced since 2018, when the Spectre and Meltdown vulnerabilities were discovered, the researchers have shown that there are still ways to exploit them.
The Spectre vulnerability abuses a mechanism common to today's processors called speculative execution, which lets the processor predict upcoming instructions and execute them before it knows whether they are needed, in order to improve performance. If the prediction turns out to be wrong, the speculative results are discarded, but they can leave traces in the cache that an attacker can measure and analyze. In this way it is possible to hijack the control flow of processes and extract sensitive information, such as encryption keys, passwords or operating system data, without the elevated privileges that would otherwise be required to access that information.
In the particular case of Spectre v2, also known as Branch Target Injection (BTI), the attacker tricks the processor's branch predictor into speculatively jumping to attacker-chosen code that leaks data. This variant particularly affects systems that share CPUs, such as cloud and virtualization environments, because it can leak data across the boundaries between different processes, operating systems or containers.
For their part, manufacturers have released hardware and software security patches. Even so, researchers continue to find ways around these mitigations: for example, another research group, at the University of Zurich, managed to abuse the CVE-2024-45332 vulnerability by exploiting race conditions in the processor.
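Since the article turns on whether the kernel's existing Spectre mitigations are in place, a practical first check on a Linux host is the kernel's own report in `/sys/devices/system/cpu/vulnerabilities`, where each file (`spectre_v1`, `spectre_v2`, `spec_store_bypass`, ...) holds a line beginning with `Mitigation:`, `Vulnerable` or `Not affected`. The following script is an added example written for this page, not code from VUSec or from the article's sources; it reads that directory (or any directory passed as an argument, so it can be exercised against constructed sample files) and flags any Spectre-family entry that reports `Vulnerable`. The sample status strings it constructs are illustrative and do not come from a real host.

```shell
#!/bin/sh
# Added example (not from the original article): report the kernel's own view of
# Spectre mitigation status from sysfs and flag entries that read "Vulnerable".

# Print "<name>: <status>" for every file in the vulnerabilities directory.
# Returns 0 when no Spectre-family entry is vulnerable, 1 when one is, and 2
# when the directory is missing (non-Linux host, or a kernel without the interface).
report_spectre_status() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    rc=0
    if [ ! -d "$dir" ]; then
        echo "no vulnerabilities directory at $dir" >&2
        return 2
    fi
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        name=$(basename "$f")
        status=$(cat "$f" 2>/dev/null) || status="unreadable"
        echo "$name: $status"
        case "$name" in
            spectre_v1|spectre_v2|spec_store_bypass)
                # Kernel reports are "Mitigation: ...", "Not affected", or "Vulnerable[: ...]".
                case "$status" in
                    Vulnerable*) rc=1 ;;
                esac
                ;;
        esac
    done
    return $rc
}

# Build a constructed sample directory (not real host output) whose spectre_v2
# file holds the status string passed as $1, so the check can run offline.
make_sample_dir() {
    d=$(mktemp -d)
    printf 'Mitigation: usercopy/swapgs barriers and __user pointer sanitization\n' > "$d/spectre_v1"
    printf '%s\n' "$1" > "$d/spectre_v2"
    printf 'Mitigation: Speculative Store Bypass disabled via prctl\n' > "$d/spec_store_bypass"
    printf 'Not affected\n' > "$d/meltdown"
    echo "$d"
}

# Stand-alone use: report the running host's status when the sysfs interface exists.
if [ -d /sys/devices/system/cpu/vulnerabilities ]; then
    report_spectre_status || echo "WARNING: a Spectre-family entry does not report a mitigation" >&2
fi
```

The check is deliberately conservative: it trusts the kernel's self-report, which reflects the mitigations the kernel believes are active (retpolines, IBRS/eIBRS, IBPB, RSB filling and so on) but, as the article shows, cannot tell you whether a newly found bypass defeats them. Treat a `Vulnerable` result as a definite gap and a `Mitigation:` result as the baseline to compare against vendor and distribution advisories.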
- 14/05/2025 vusec.net
- 16/05/2025 thehackernews.com
- 20/05/2025 unaaldia.hispasec.com