When Specter was revealed six years ago, the computing world shook. Today, history seems to be repeating itself. As a reminder, the Specter vulnerability is a design flaw in modern processors that allows a malicious program to access normally protected data. The work of Johannes Wikner and Kaveh Razavi demonstrates that despite the efforts made, x86 processors remain vulnerable to this type of attack. The heart of the problem lies in circumventing the Indirect Branch Predictor Barrier (IBPB), which is supposed to be the ultimate defense against speculative execution attacks.
The latter is an optimization technique that anticipates upcoming instructions for the CPU, but it ultimately proves to be the Achilles heel of modern CPUs. While it provides a big boost to performance, it also opens the door to leaks of sensitive data via side channels.
Zurich researchers have developed two types of attacks: one targeting Intel, the other AMD. At Intel, there is a bug in the basic software of the processor (the microcode). This bug causes the processor to not completely remove the information it has predicted before moving on to another task. This allows attacks like Specter to use this information to access confidential data. For AMD, it is an incorrect application of IBPB-on-entry in the Linux kernel which is the cause.
