Intel Says No New Mitigations Required for Indirector CPU Attack

A team of researchers from the University of California San Diego has published a paper detailing a novel attack method targeting Intel CPUs.

  • The chip giant says no new mitigations are required to address it. 
  • The new attack, named Indirector, is similar to the well-known Spectre v2 or Spectre Branch Target Injection (BTI) attack. 

These methods typically allow an attacker who has access to the targeted system to obtain information, including sensitive data such as passwords or encryption keys, from memory.

The researchers described Indirector as a high-precision BTI attack that exploits the Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB) in high-end Intel CPUs such as Raptor Lake and Alder Lake.

According to the researchers, previous BTI attacks overlooked IBP, which they describe as a “critical component of the branch prediction unit that predicts the target address of indirect branches”.

“By analyzing the IBP, we uncover new attack vectors that can bypass existing defenses and compromise the security of modern CPUs,” the researchers said.

They have developed a tool named iBranch Locator that facilitates IBP and BTB injection attacks.

The researchers said they reported their findings to Intel in February 2024 and the chip giant “has informed other affected hardware/software vendors about the issues”.

However, Intel claims previously issued mitigation guidance should work for the Indirector attack method as well.

“Intel reviewed the report submitted by academic researchers and determined previous mitigation guidance provided for issues such as IBRS, eIBRS and BHI are effective against this new research and no new mitigations or guidance is required,” Intel told SecurityWeek.

The previously provided guidance for BHI and IBRS (eIBRS) is available on Intel’s website.

In addition, the researchers have also proposed a couple of mitigation measures against Indirector attacks.



Leave a Reply

Your email address will not be published. Required fields are marked *