UC San Diego researchers have gone public with Indirector, high-precision branch target injection attacks on the indirect branch predictor. The UCSD security researchers found Indirector affecting recent Intel Alder Lake and Raptor Lake processors. Intel, however, believes that no additional mitigations are required.
The Indirector attack is summed up as:
“This paper introduces novel high-precision Branch Target Injection (BTI) attacks, leveraging the intricate structures of the Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB) in high-end Intel CPUs (Raptor Lake and Alder Lake).
It presents, for the first time, a comprehensive picture of the IBP and the BTB within the latest Intel processors, revealing their size, structure, and the precise functions governing index and tag hashing.
Additionally, this study reveals new details into the inner workings of Intel’s hardware defenses, such as IBPB, IBRS, and STIBP, including previously unknown holes in their coverage.
Leveraging insights from reverse engineering efforts, this research develops highly precise Branch Target Injection (BTI) attacks to breach security boundaries across diverse scenarios, including cross-process and cross-privilege scenarios, and uses the IBP and the BTB to break Address Space Layout Randomization (ASLR).”
The Indirector website is indirector.cpusec.org.
The UCSD researchers recommend mitigating Indirector by using IBPB (Indirect Branch Predictor Barrier) more aggressively and by better securing the BPU design. Greater IBPB use would come at a significant performance cost. Intel, for its part, believes that no further mitigations are required beyond what is already in place for Spectre-style attacks. There is also a GitHub repository with additional artifacts around Indirector.
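Since the disagreement above is about whether the existing Spectre v2 controls, IBPB included, are enough, the first thing a defender will want is a readout of what the running kernel actually applies. The script below is an added example, not code from the Indirector researchers or from the article: it reads the Linux sysfs status line for Spectre v2 (the `/sys/devices/system/cpu/vulnerabilities/spectre_v2` path and its `Mitigation: ...; IBPB: <mode>; ...` format are the kernel's own) and reports the IBPB mode. The `SAMPLE_STATUS` line is constructed so the script also runs where that file is absent.

```shell
#!/bin/sh
# Added example (not from the Indirector paper or the article): report the
# Spectre v2 / branch-target-injection posture the running Linux kernel
# exposes and whether IBPB is among the active controls.

SPECTRE_V2_SYSFS=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# Constructed sample of what the sysfs file typically contains on a system
# where the kernel applies IBPB only on selected context switches.
SAMPLE_STATUS='Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling; PBRSB-eIBRS: SW sequence; BHI: BHI_DIS_S'

# read_spectre_v2_status: print the kernel's status line, or the constructed
# sample when the sysfs file is unreadable (non-Linux host, restricted container).
read_spectre_v2_status() {
    if [ -r "$SPECTRE_V2_SYSFS" ]; then
        cat "$SPECTRE_V2_SYSFS"
    else
        printf '%s\n' "$SAMPLE_STATUS"
    fi
}

# ibpb_mode: extract the "IBPB: <mode>" field from a status line.
# Prints the kernel's mode word ("conditional", "always-on" or "disabled"),
# or "absent" when the field is missing ("Not affected", "Vulnerable").
ibpb_mode() {
    status="$1"
    case "$status" in
        *"IBPB: "*)
            # Drop everything up to and including "IBPB: ", then cut at the next ';'.
            rest="${status#*IBPB: }"
            printf '%s\n' "${rest%%;*}"
            ;;
        *)
            printf 'absent\n'
            ;;
    esac
}

# mitigation_class: coarse classification of a status line.
mitigation_class() {
    case "$1" in
        "Not affected"*) printf 'not-affected\n' ;;
        "Vulnerable"*)   printf 'vulnerable\n' ;;
        "Mitigation:"*)  printf 'mitigated\n' ;;
        *)               printf 'unknown\n' ;;
    esac
}

# ibpb_is_unconditional: succeed only when IBPB is applied on every context
# switch, i.e. the more aggressive use the researchers suggest.
ibpb_is_unconditional() {
    [ "$(ibpb_mode "$1")" = "always-on" ]
}

main() {
    status=$(read_spectre_v2_status)
    printf 'spectre_v2 status : %s\n' "$status"
    printf 'classification    : %s\n' "$(mitigation_class "$status")"
    printf 'IBPB mode         : %s\n' "$(ibpb_mode "$status")"
    if ibpb_is_unconditional "$status"; then
        printf 'IBPB is applied unconditionally.\n'
    else
        printf 'IBPB is not unconditional on this kernel.\n'
    fi
}

main "$@"
```

On a real host the output reflects the kernel's current policy; a `conditional` mode means the barrier is only issued for selected tasks, which is exactly the gap between Intel's position and the paper's recommendation that a reader can now see for their own machine.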