Saturday, December 2, 2023

7 New Meltdown and Spectre Level Vulnerabilities Discovered that Affected ARM, Intel & AMD CPU’s

A team of Researchers discovered 7 New Meltdown and Spectre Level attacks called a sound and extensible systematization of transient execution which includes 2 new Meltdown Attack variants and 5 variants belong to Spectre attack.

All the 7 attacks are affected the 3 major processor vendors Intel, AMD, ARM that allows an attacker to gain access to vulnerable system data.

Among the 7 Attacks, Meltdown-BR exploiting the meltdown effect  x86 bound instruction on Intel and AMD and Meltdown-PK exploiting the Meltdown-type effect on memory protection keys on Intel and other 5 exploiting Spectre-PHT and Spectre-BTB attacks.

Researchers called it as an extensible systematization of transient execution attacks in  microarchitectural level in CPU that leads to exploit transient execution and encode secrets.

Transient Execution Attacks does not influence the architectural state during the execution of transient instructions but it affects the microarchitectural state.

So this attacks will transfer the microarchitectural state into an architectural state in order to exploit these microarchitectural state changes to extract sensitive information.

Two Meltdown & Five Spectre Attacks

Original Meltdown breaks the separation between the user accounts and the operating systems, it allows access to the memory where attacker extract secret information from other programs and operating systems.

This new 2 Meltdown Attacks exploits an x86 bound instruction on Intel and AMD and bypasses memory protection keys on Intel CPUs.

Meltdown-BR attack related to bound range exceeded exception that bypass the bound checks in x86 processors that affected Intel processors ship with Memory Protection eXtensions (MPX) for efficient array bounds checking.

Meltdown-PK Attack attack to bypass both read and write isolation guarantees enforced through memory-protection keys and PKU isolation can be bypassed if an attacker has code execution in the containing process.

Original Spectre breaks the isolation between the applications, it allows an attacker to trick legitimate applications into leaking their secrets.

Spectre attacks involve inducing a victim to speculatively perform operations that would not occur during correct program execution and which leak the victim’s confidential information via a side channel to the adversary.

In this new 5 Spectre attacks exploiting the Pattern History Table mechanism.

  1. Spectre PHT-CA-OP – attack exploits the CPU Pattern History Table (Cross-Address-space Out of Place)
  2. Spectre PHT-CA-IP – attack exploits the CPU Pattern History Table (Same Address-space In Place)
  3. Spectre PHT-SA-OP – attack exploits the CPU Pattern History Table (Same Address-space Out of Place)
  4.  Spectre BTB-SA-IP – attack exploits the CPU Branch Target Buffer (Same Address-space In Place)
  5.  Spectre BTB-SA-OP – attack exploits the CPU Branch Target Buffer (Same Address-space Out of Place)

All the above attacks that affected  Intel, ARM, and AMD. are clearly demonstrated by the group researchers in their Research Paper.

Spoke person from INTEL said, “The vulnerabilities documented in this paper can be fully addressed by applying existing mitigation techniques for Spectre and Meltdown, including those previously documented here, and elsewhere by other chipmakers. Protecting customers continues to be a critical priority for us and we are thankful to the teams at Graz University of Technology, imec-DistriNet, KU Leuven, & the College of William and Mary for their ongoing research.”

According to the researchers, Defenses that require hardware modifications are only evaluated theoretically. In addition, we discuss which vendors have CPUs vulnerable to what type of Spectre- and Meltdown-type attack but that only ARM and Intel acknowledged their findings.


Latest articles

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles