Researchers from two universities have discovered several new variants of Spectre exploits that affect all modern processors from AMD and Intel with micro-op caches. Existing Spectre mitigations do not protect the CPUs against potential attacks that use these vulnerabilities. Meanwhile, researchers believe that mitigating these vulnerabilities will cause more significant performance penalties than the fixes for previous types of Spectre exploits. However, it remains unknown how easy these vulnerabilities are to exploit in the real world, so the danger may be limited to directed attacks.
Three New Types of Potential Spectre Attacks
Scholars from the University of Virginia and University of California San Diego have published a paper describing three new types of potential Spectre attacks using vulnerabilities of micro-op caches (thanks Phoronix for the tip). The team of researchers led by Ashish Venkat discovered that hackers can potentially steal data when a CPU fetches instructions from the micro-op cache. Since all modern processors from AMD (since 2017) and Intel (since 2011) use micro-op caches, all of them are prone to a hypothetical attack.
The document lists three new types of potential attacks:
- A same-thread cross-domain attack that leaks secrets across the user-kernel boundary;
- A cross-SMT thread attack that transmits secrets across two SMT threads running on the same physical core, but different logical cores, via the micro-op cache;
- Transient execution attacks that have the ability to leak an unauthorized secret accessed along a misspeculated path, even before the transient instruction is dispatched to execution.
Fixes Going to Hurt
Both AMD and Intel had been informed about the vulnerabilities in advance, but so far, no microcode updates or OS patches have been released. In fact, the researchers believe that since any mitigations must operate on extremely low-level caches, it will be impossible to fix the weaknesses without severe performance impacts.
The document describes several ways to mitigate the vulnerabilities.
One of the ways is to flush the micro-op cache at domain crossings, but since modern CPUs need to flush the Instruction Translation Lookaside Buffer (iTLB) to flush the micro-op cache, frequent flushing of both will 'lead to heavy performance consequences, as the processor can make no forward progress until the iTLB refills.'
The second way is to partition micro-op caches based on privileges. However, as the number of protection domains increases, such partitioning would translate into heavy underutilization of the micro-op cache, removing much of its performance advantage.
Yet another way is to implement performance-counter-based monitoring that detects anomalies, but the technique is prone to misclassification errors, whereas frequent probing leads to significant performance degradation.
One thing to keep in mind is that exploiting micro-op cache vulnerabilities is extremely tricky, as such malware will have to bypass all other software and hardware security measures that modern systems have and then execute a very specific type of attack that is unconventional, to say the least. To that end, chances that the new Spectre vulnerabilities will lead to widespread wrongdoing are rather low. Instead, they could be used for specific targeted attacks from sophisticated players, like nation-states.