
Researchers from ETH Zurich have uncovered a new class of vulnerabilities affecting all modern Intel CPUs, undermining key hardware defenses against Spectre v2 attacks.
The attack, dubbed “Branch Privilege Injection” (BPI), exploits race conditions in branch predictor updates to inject kernel-tagged predictions from user space, letting an unprivileged attacker leak sensitive kernel memory even on fully patched Linux systems.
The flaw was discovered and documented by Sandro Rüegge, Johannes Wikner, and Kaveh Razavi of ETH Zurich. Their research introduces Branch Predictor Race Conditions (BPRC), a family of vulnerabilities arising from asynchronous operations inside Intel's Branch Prediction Unit (BPU). Because the predictor update and the privilege switch are not ordered with respect to each other, an update can be tagged with the wrong privilege level, which subverts the isolation promised by enhanced Indirect Branch Restricted Speculation (eIBRS), a widely deployed Spectre v2 mitigation.
Intel's branch predictor misfire
Modern Intel processors enforce Spectre v2 mitigations by tagging branch predictions with the privilege domain they were trained in, so user-level code cannot influence kernel-level predictions. The researchers found, however, that branch predictor updates are not synchronized with privilege transitions: an update that is still in flight when the CPU switches from user to kernel mode (for example on a system call) can be committed under the new, higher privilege. An attacker who times a branch to straddle that transition can therefore insert predictions into the Branch Target Buffer (BTB) that carry a kernel tag.
This behavior breaks the expected isolation between user space and kernel space. The researchers demonstrated three BPRC variants:
- BPRC_U→K: injecting branch predictions from user mode into the kernel.
- BPRC_G→H: crossing from a guest VM into the hypervisor.
- BPRC_IBPB: bypassing the Indirect Branch Prediction Barrier (IBPB), the costly barrier used to flush indirect branch predictions across context switches.
A new exploitation primitive
By leveraging BPRC_U→K, the ETH Zurich team crafted BPI, a new attack technique that gives precise control over BTB entries carrying privileged tags. Through BPI, an unprivileged attacker can steer speculative execution in kernel space to code that accesses attacker-chosen memory, and then recover the value through a cache side channel. The researchers validated BPI with a fully working exploit on Intel's Raptor Cove microarchitecture, achieving leakage speeds of 5.6 KiB/s with 99.8% accuracy.
Crucially, the attack works even with modern defenses such as eIBRS, AutoIBRS, and the BHI_DIS_S speculation control enabled. These controls assume that a prediction's privilege tag is always correct, so they do not account for the asynchronous behavior of Intel's BPU.
An end-to-end proof-of-concept exploit leaks the root password hash from the Linux /etc/shadow file. The exploit bypasses Kernel Address Space Layout Randomization (KASLR), locates the page-cached copy of the shadow file in kernel memory, and reads it out through speculative execution, all from an unprivileged user context.
The researchers measured a median runtime of 21 seconds per exploit run, with a 90.7% success rate in obtaining the full hash and 97.9% of leaks containing no more than six byte errors.
Impact and disclosure timeline
The flaw affects all Intel CPUs that support eIBRS, including recent generations such as Alder Lake, Raptor Lake, and Sapphire Rapids, as well as older Skylake-class processors. AMD and ARM processors were tested and did not exhibit the same vulnerability patterns.
The researchers reported the issue to Intel in September 2024. Intel acknowledged the report and assigned the vulnerability CVE-2024-45332. Intel developed a microcode update, which the researchers evaluated as part of the study: it mitigates the flaw with relatively low performance impact (up to 2.7% in lmbench tests).
Recommendations
To defend against BPI and the broader BPRC class, the researchers propose two software strategies:
- Eliminating vulnerable indirect branches in the kernel with Retpolines, combined with the RRSBA_DIS_S speculation control so that returns cannot fall back to BTB predictions when the return stack buffer underflows. This incurs up to 8.3% performance overhead in some benchmarks.
- Disabling indirect branch prediction in supervisor mode with the IPRED_DIS_S control, so kernel indirect branches are not predicted at all. This has lower overhead (as little as 1.7% in UnixBench) while stopping speculative execution at injected indirect branch targets.
Both software strategies are presented as alternatives, but the researchers emphasize that Intel's microcode update is the robust fix. Users and system administrators are urged to apply Intel's firmware updates as soon as they are available.
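Both software strategies above are expressed through bits in the IA32_SPEC_CTRL MSR (0x48) plus, for Retpolines, what the kernel reports in sysfs. The following script is an added example, not code from the ETH Zurich paper or from Intel: it decodes that MSR and classifies a Linux host against the two strategies. The bit positions are taken from Intel's SDM; the live path assumes root, the `msr` kernel module and the `rdmsr` tool from msr-tools, and otherwise falls back to a constructed sample value so the decoding logic can be exercised anywhere.

```shell
#!/bin/sh
# Added example, not code from the ETH Zurich paper or from Intel: decode the
# IA32_SPEC_CTRL MSR (0x48) and the kernel's spectre_v2 sysfs line to see which
# of the two software strategies (IPRED_DIS_S, or Retpolines + RRSBA_DIS_S) a
# Linux host is actually running with.
#
# IA32_SPEC_CTRL bit positions (Intel SDM): 0 IBRS, 1 STIBP, 2 SSBD,
# 3 IPRED_DIS_U, 4 IPRED_DIS_S, 5 RRSBA_DIS_U, 6 RRSBA_DIS_S, 7 PSFD,
# 8 DDPD_U, 10 BHI_DIS_S.

# decode_spec_ctrl VALUE: print the names of the set control bits, in bit order.
decode_spec_ctrl() {
    val=$(( $1 ))
    out=""
    for entry in 0:IBRS 1:STIBP 2:SSBD 3:IPRED_DIS_U 4:IPRED_DIS_S \
                 5:RRSBA_DIS_U 6:RRSBA_DIS_S 7:PSFD 8:DDPD_U 10:BHI_DIS_S; do
        bit=${entry%%:*}
        name=${entry#*:}
        if [ $(( (val >> bit) & 1 )) -eq 1 ]; then
            out="$out $name"
        fi
    done
    printf '%s\n' "${out# }"
}

# contains HAYSTACK NEEDLE: substring test without spawning grep.
contains() {
    case "$1" in *"$2"*) return 0 ;; *) return 1 ;; esac
}

# bpi_software_mitigation VALUE SPECTRE_V2_LINE: classify against the paper's
# two strategies. Prints IPRED_DIS_S, RETPOLINE+RRSBA_DIS_S, or NONE.
# Retpoline use is not visible in the MSR, so it is taken from the sysfs line.
bpi_software_mitigation() {
    val=$(( $1 ))
    s2=$2
    if [ $(( (val >> 4) & 1 )) -eq 1 ]; then
        echo IPRED_DIS_S
    elif [ $(( (val >> 6) & 1 )) -eq 1 ] && contains "$s2" Retpoline; then
        echo RETPOLINE+RRSBA_DIS_S
    else
        echo NONE
    fi
}

# read_spec_ctrl_live: needs root, the msr kernel module and msr-tools
# (rdmsr prints bare hex). Returns non-zero when any of that is missing.
read_spec_ctrl_live() {
    command -v rdmsr >/dev/null 2>&1 || return 1
    [ -r /dev/cpu/0/msr ] || return 1
    printf '0x%s\n' "$(rdmsr -p 0 0x48)"
}

sysfs=/sys/devices/system/cpu/vulnerabilities/spectre_v2
if spec=$(read_spec_ctrl_live); then
    s2=$(cat "$sysfs" 2>/dev/null || echo unknown)
    echo "live IA32_SPEC_CTRL=$spec"
else
    # Constructed sample (not a measurement): STIBP + IPRED_DIS_S + BHI_DIS_S,
    # with the kernel reporting eIBRS rather than Retpolines.
    spec=0x412
    s2="Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling"
    echo "no MSR access; decoding constructed sample IA32_SPEC_CTRL=$spec"
fi
echo "spectre_v2: $s2"
echo "controls set: $(decode_spec_ctrl "$spec")"
echo "BPI software strategy in effect: $(bpi_software_mitigation "$spec" "$s2")"
# Microcode revision, for comparison against Intel's release notes for CVE-2024-45332.
grep -m1 microcode /proc/cpuinfo 2>/dev/null || true
```

The script only reports what the kernel has programmed into the MSR on CPU 0; it does not tell you whether Intel's CVE-2024-45332 microcode fix is installed, which is why it also prints the microcode revision for you to check against Intel's release notes. A result of NONE means neither software strategy from the paper is in effect and the host is relying on the microcode update alone.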
The full paper and proof-of-concept code are available here.