Security researchers from VUSec at Vrije Universiteit Amsterdam have unveiled the first native Spectre v2 exploit targeting the Linux kernel on Intel systems, named Native BHI (Native Branch History Injection). The exploit, tracked as CVE-2024-2201, allows attackers to bypass existing Spectre v2/BHI mitigations and leak kernel memory at a rate of 3.5 kB/sec. Unlike previous attacks, which relied on extended Berkeley Packet Filter (eBPF) programs, this new method demonstrates that BHI can be executed without eBPF, affecting all Intel systems vulnerable to BHI. The vulnerability enables attackers to extract sensitive data across different processes by influencing speculative execution paths. Despite Intel's prior recommendations to disable unprivileged eBPF and enable countermeasures such as IBT and FineIBT, the researchers' InSpectre Gadget tool has shown these measures to be insufficient, as it can identify exploitable code fragments within the kernel. The flaw impacts several platforms including Illumos, Intel, Red Hat, SUSE Linux, Triton Data Center, and Xen, while AMD has reported no impact on its products. This disclosure follows recent findings of other speculative execution vulnerabilities, highlighting ongoing challenges in securing modern CPU architectures against sophisticated attacks.
Read more at The Hacker News…
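As an added defender's check (example code, not from the article or the VUSec researchers): the Linux kernel reports its BHI mitigation state as a "BHI:" field in the spectre_v2 sysfs line (Linux 6.9 and distribution backports of the CVE-2024-2201 fixes), and the script below classifies that line, reporting "unknown" on older kernels that print no BHI field at all. The sysfs path and status strings are the ones the kernel emits; the sample line is constructed.

```shell
#!/bin/sh
# Classify the kernel's reported Branch History Injection (BHI) state.
# Linux 6.9+ (and distro backports of the CVE-2024-2201 fixes) append a
# "BHI: ..." field to the spectre_v2 sysfs line; the mitigation itself is
# controlled by the spectre_bhi= kernel command-line parameter.
SYSFS_SPECTRE_V2=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# bhi_state LINE
# Prints one of: not-affected, mitigated, vulnerable, unknown.
# "unknown" means the kernel printed no BHI field at all, i.e. it predates
# BHI reporting and cannot be assumed to carry the Native BHI mitigations.
bhi_state() {
    case "$1" in
        "Not affected"|*"BHI: Not affected"*)
            echo not-affected ;;
        *"BHI: Vulnerable"*)             # also "Vulnerable, KVM: SW loop":
            echo vulnerable ;;           # guests are protected, the host is not
        *"BHI: BHI_DIS_S"*|*"BHI: SW loop"*|*"BHI: Retpoline"*)
            echo mitigated ;;
        *)
            echo unknown ;;
    esac
}

# report_host
# Reads the live sysfs line when it exists (Linux only), prints a verdict,
# and returns 1 when the host is vulnerable or its state is unknown.
report_host() {
    [ -r "$SYSFS_SPECTRE_V2" ] || { echo "no spectre_v2 sysfs entry"; return 1; }
    line=$(cat "$SYSFS_SPECTRE_V2")
    state=$(bhi_state "$line")
    printf 'spectre_v2: %s\nBHI verdict: %s\n' "$line" "$state"
    case "$state" in mitigated|not-affected) return 0 ;; *) return 1 ;; esac
}

# Constructed sample line (what a mitigated Intel host with eIBRS reports).
SAMPLE='Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling; PBRSB-eIBRS: SW sequence; BHI: SW loop, KVM: SW loop'
echo "sample -> $(bhi_state "$SAMPLE")"   # sample -> mitigated
report_host || true
```

A result of "unknown" on a kernel you believe is patched is worth a second look: it means the kernel is not reporting a BHI state, so the mitigation status cannot be confirmed from sysfs.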