New Spectre v2 attack impacts Linux systems on Intel CPUs

10-Apr-24

A new Spectre V2 exploit has been discovered that affects Linux systems running on many modern Intel processors. Spectre V2 is a variant of the original Spectre attack that leaves traces of privileged data in CPU caches, making it accessible to attackers. Two attack methods are Branch Target Injection (BTI) and Branch History Injection (BHI), with CVE-2022-0001 assigned to BTI and CVE-2022-0002 to BHI. CVE-2024-2201 involves a new Spectre v2 exploit that works against the Linux kernel, allowing unauthenticated attackers to read arbitrary memory data by leveraging speculative execution and bypassing present security mechanisms designed to isolate privilege levels. Current mitigation techniques are insufficient in stopping BHI exploitation against the kernel/hypervisor.

Read More…