A group of researchers from the Vrije Universiteit Amsterdam has disclosed a new vulnerability in the microarchitectural structures of Intel and Arm processors. It is an extended variant of the Spectre-V2 vulnerability that makes it possible to bypass the eIBRS and CSV2 protection mechanisms added to processors. The vulnerability has been given several names: BHI (Branch History Injection, CVE-2022-0001), BHB (Branch History Buffer, CVE-2022-0002) and Spectre-BHB (CVE-2022-23960), which describe different manifestations of the same problem (the BHI attack affects different privilege levels, for example a user process and the kernel; the BHB attack works within one privilege level, for example the eBPF JIT and the kernel).
The researchers demonstrated a working exploit that allows arbitrary data to be extracted from kernel memory from user space. For example, they showed how the prepared exploit can be used to pull a string containing the root user's password, loaded from the /etc/shadow file, out of kernel buffers.
In addition to the attack that leaks data between different privilege levels, the vulnerability can also be used for attacks within a single privilege level (an attack from the kernel level on the kernel). For example, using an eBPF program loaded by a user, or using a Spectre gadget already present in the kernel code (a sequence of instructions that leads to speculative execution of instructions), the attacker can create the conditions for speculative execution and determine the contents of arbitrary areas of kernel memory.
The vulnerability manifests in most current Intel processors, with the exception of the Atom family. Among ARM processors, the problem persisted