Security researchers discovered a flaw affecting Intel chips that can be exploited to bypass address space layout randomization (ASLR).
The researchers, Dmitry Evtyushkin and Dmitry Ponomarev from the State University of New York at Binghamton and Nael Abu-Ghazaleh from the University of California in Riverside, published details of the exploit in a research report entitled “Jump Over ASLR: Attacking the Branch Predictor to Bypass ASLR.”
ASLR, a memory-protection process is designed to protect operating systems from buffer-overflow attacks by randomizing memory load addresses of system executables.
The hardware vulnerability affects Intel's Haswell processors. The researchers found that an attacker could exploit a hardware vulnerability to create a branch target buffer (BTB) collision to recover kernel ASLR. The research paper detailed software and hardware mechanisms that could protect against the exploit.
The discovery shows that software is not the easiest point of entry, especially for hackers with deep knowledge of hardware vulnerabilities, according to Alfredo Pironti, managing consultant at IOActive. In an email to SCMagazine.com, he wrote that hardware attacks “are often more expensive and time consuming” for attackers than software attacks, but warned that cybercriminals are “more sophisticated, well-funded and – worst of all – patient than ever before.”
Last year, researchers discovered a vulnerability affecting anti-virus giants that allowed the compromise of Microsoft's ASLR protections.