Network Security, Supply chain

Intel dismisses reported side-channel vulnerability in CPU cores


Researchers said they uncovered a new side-channel vulnerability in Intel processors that could potentially allow the leak of sensitive data.

A team based out of the University of California San Diego said that a condition present in the Indirect Branch Predictor (IPB) and Branch Target Buffer (BTB) components of some latest-generation Intel CPUs could be exploited to steal secret keys and other credentials.

Intel, meanwhile, said that the vulnerability has already been resolved and posed no real-world danger to users.

The vulnerability can be traced back to Indirect Branch Prediction, a feature in modern CPUs that helps streamline calculations by loading commonly used instructions before they are executed.

In this case, the researchers said the IBP component can be manipulated in order to produce addresses that would allow an attacker to retrieve sensitive information such as credentials or secret keys.

The side-channel issue is not unlike those raised in the disclosure of the Spectre and Meltdown vulnerabilities: the built-in components that CPUs utilize to speed up code execution can be gamed to hand over memory storage that would otherwise be locked off from a program.

The flaw is said to exist in the Raptor Lake and Alder Lake series of CPUs.

UCSD researcher Hosein Yavarzadeh, who disclosed the flaw along with fellow researchers Luyi Li and Dean Tullsen, told CyberRisk Alliance that this vulnerability could be exploited relatively quickly, roughly one minute of clock time or 30 minutes of compute time.

“This allows the attacker to jump to an arbitrary location and potentially leak secrets. The attacker must run on the same CPU core as the victim since there is one branch predictor unit per core,” Yavarzadeh explained.

“In terms of timing, this method is significantly more efficient than state-of-the-art target injection attacks.”

However, Intel does not appear to be too concerned about the risk of attacks. The Chipmaker told CyberRisk Alliance that its processors should already be protected from potential exploits.

“Intel reviewed the report submitted by academic researchers and determined previous mitigation guidance provided for issues such as IBRS, eIBRS and BHI are effective against this new research and no new mitigations or guidance is required,” a spokesperson said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.