新的幽靈漏洞昨天被發佈 - 3C

新聞來源：
https://www.tomshardware.com/news/intel-alder-lake-arm-cpus-affected-by-new-spec
tre-vulnerability

縮網址：https://bit.ly/3hOskDS

新的幽靈漏洞昨天被發佈，
這個屬於Specture-V2的漏洞，主要影響Intel跟Arm CPU系統，
Intel從Haswell開始到Alderlake都有影響，
會出一個新的軟體更新去修正這問題，

Arms則是影響Cortex A15, A57, A72 及 Neoverse V1, N1, and N2

可由Intel之 CVE-2022-0001、CVE-2022-0002
及 Arm 之 CVE-2022-23960 了解漏洞及修正

漏洞演示：
https://twitter.com/vu5ec/status/1501256481097883648

https://youtu.be/537HUwV36ME


底下為原文：
VUSec security research group and Intel on Tuesday disclosed a yet another Spect
re-class speculative execution vulnerability called branch history injection (BH
I). The new exploit affects all of Intel processors released in the recent years
, including the latest Alder Lake CPUs, and select Arm cores. By contrast, AMD's
chips are believed to be unaffected.

BHI is a proof-of-concept attack that affects CPUs already vulnerable to Spectre
V2 exploits, but with all kinds of mitigations already in place. The new exploi
t bypasses Intel's eIBRS and Arm's CSV2 mitigations, reports Phoronix. BHI re-en
ables cross-privilege Spectre-v2 exploits, allows kernel-to-kernel (so-called in
tra-mode BTI) exploits, and allows perpetrators to inject predictor entries into
the global branch prediction history to make kernel leak data, reports VUSec. A
s a result, arbitrary kernel memory on select CPUs can be leaked and potentially
reveal confidential information, including passwords. An example of how such a
leak can happen was published here.

VUSec
圖片我就不附上，因為有影片
(Image credit: VUSec)
All of Intel's processors beginning with Haswell (launched in 2013) and extendin
g to the latest Ice Lake-SP and Alder Lake are affected by the vulnerability, bu
t Intel is about to release a software patch that will mitigate the issue.

Numerous cores from Arm, including Cortex A15, A57, A72 as well as Neoverse V1,
N1, and N2 are also affected. Arm is expected to release software mitigations f
or its cores. What is unclear is whether custom versions of these cores (e.g., s
elect cores from Qualcomm) are also affected and when the potential security hol
es will be covered.

Since this is a proof-of-concept vulnerability and it is being mitigated by Inte
l and Arm, it should not be able to be used to attack a client or server machine
— as long as all the latest patches are installed. There's no indication how m
uch the mitigations will impact performance.

----------
https://i.imgur.com/RVYbywG.jpg

----
Sent from BePTT on my SHARP FS8002

--