Linux Kernel Patched For Branch History Injection "BHI" Intel CPU Vulnerability

Written by Michael Larabel in Linux Security on 9 April 2024 at 02:12 PM EDT.
Branch History Injection (BHI) was disclosed back in March 2022 as a new Spectre vulnerability affecting Intel and Arm CPUs. In July 2022, patches followed for Intel's hardware-based prevention of Spectre-BHI attacks. Now, two years later, the Linux kernel is seeing mitigations added for a new "Native BHI" variant of the Branch History Injection vulnerability.

Merged this Patch Tuesday were Linux kernel patches for helping fend off Branch History Injection when paired with updated CPU microcode. Unless I am overlooking something, or there are disclosures not yet published, it's not clear why these kernel patches were merged today: the Intel Security Center hasn't yet shown any new vulnerabilities today, there isn't any new Intel CPU microcode drop, nor any other new disclosures I've seen yet around BHI.

Linus Torvalds merged this "nativebhi" branch providing this newest CPU security vulnerability mitigation. The merge message reads:
"Mitigations for the native BHI hardware vulnerability:

Branch History Injection (BHI) attacks may allow a malicious application to influence indirect branch prediction in kernel by poisoning the branch history. eIBRS isolates indirect branch targets in ring0. The BHB can still influence the choice of indirect branch predictor entry, and although branch predictor entries are isolated between modes when eIBRS is enabled, the BHB itself is not isolated between modes.

Add mitigations against it either with the help of microcode or with software sequences for the affected CPUs"

[ This also ends up enabling the full mitigation by default despite the system call hardening, because apparently there are other indirect calls that are still sufficiently reachable, and the 'auto' case just isn't hardened enough.

We'll have some more inevitable tweaking in the future - Linus ]

The updated kernel documentation does point to new research motivating this BHI mitigation:
"Previously the only known real-world BHB attack vector was via unprivileged eBPF. Further research has found attacks that don't require unprivileged eBPF. For a full mitigation against BHB attacks it is recommended to set BHI_DIS_S or use the BHB clearing sequence."

The new code adds a spectre_bhi= boot-time option with on/off/auto controls for this Branch History Injection mitigation. The option governs both the hardware BHI control and the software BHB clearing sequence. The patches mark AMD, Zhaoxin, and Hygon processors as not affected, leaving Intel as the only affected x86/x86_64 vendor.

As for affected Intel processors, Alder Lake and newer have the BHI_DIS_S hardware control to mitigate BHI. For CPUs prior to Alder Lake, Intel has released a software sequence that clears the branch history instead.
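The boot parameter and the hardware-versus-software split above are what you verify on a running system. The POSIX shell script below is an added example written for this page; it is not from the article or the kernel tree. It reads the spectre_v2 entry under /sys/devices/system/cpu/vulnerabilities/ (which on Linux 6.9 and later carries a "BHI:" field) and the spectre_bhi= value from /proc/cmdline, and classifies the BHI state. The status strings embedded in the script are constructed samples modelled on that sysfs format; the exact wording on a given kernel version may differ, so adjust the patterns to what your kernel prints.

```shell
#!/bin/sh
# Added example (not from the article or the kernel tree): report the BHI
# portion of the Linux spectre_v2 mitigation status. On Linux 6.9+ the
# spectre_v2 sysfs line carries a "BHI: ..." field after the eIBRS/IBPB/RSB
# fields; older kernels have no such field at all.

# classify_bhi STATUS_LINE
# Prints one of: not_affected | hardware | software | unmitigated | unknown
classify_bhi() {
    line=$1
    case "$line" in
        *"BHI: Not affected"*) echo not_affected ;;   # bug bit not set (e.g. AMD)
        *"BHI: BHI_DIS_S"*)    echo hardware ;;       # Alder Lake+ hardware control
        *"BHI: SW loop"*)      echo software ;;       # BHB clearing sequence in use
        *"BHI: Vulnerable"*)   echo unmitigated ;;    # spectre_bhi=off or no support
        *"BHI:"*)              echo unknown ;;        # field present, wording not recognised
        *)                     echo unknown ;;        # pre-6.9 kernel: no BHI field
    esac
}

# bhi_cmdline_opt CMDLINE
# Prints the value given to spectre_bhi= on the kernel command line, or
# "auto" when the parameter is absent (the kernel's default selection).
bhi_cmdline_opt() {
    cmdline=$1
    val=auto
    for tok in $cmdline; do
        case "$tok" in
            spectre_bhi=*) val=${tok#spectre_bhi=} ;;
        esac
    done
    echo "$val"
}

# Constructed sample status lines, modelled on the sysfs format. They are
# illustrations, not captured from a particular machine.
SAMPLE_HW="Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling; PBRSB-eIBRS: SW sequence; BHI: BHI_DIS_S"
SAMPLE_SW="Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling; PBRSB-eIBRS: SW sequence; BHI: SW loop, KVM: SW loop"
SAMPLE_VULN="Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling; PBRSB-eIBRS: SW sequence; BHI: Vulnerable"
SAMPLE_OLD="Mitigation: Enhanced IBRS, IBPB: conditional, RSB filling, PBRSB-eIBRS: SW sequence"

main() {
    sysfs=/sys/devices/system/cpu/vulnerabilities/spectre_v2
    if [ -r "$sysfs" ]; then
        status=$(cat "$sysfs")
        cmdline=$(cat /proc/cmdline)
    else
        # Not on Linux, or no sysfs: fall back to a constructed sample so the
        # script still demonstrates its output.
        status=$SAMPLE_HW
        cmdline="BOOT_IMAGE=/vmlinuz root=/dev/sda1 spectre_bhi=on"
    fi
    echo "spectre_v2   : $status"
    echo "spectre_bhi= : $(bhi_cmdline_opt "$cmdline")"
    echo "BHI state    : $(classify_bhi "$status")"
}

main
```

The sysfs file is world-readable, so this runs as an unprivileged user. "hardware" means BHI_DIS_S is in effect (Alder Lake and newer), "software" means the clearing sequence is being used, and "unknown" on a pre-6.9 kernel means only that the field does not exist yet, not that the CPU is safe; such a kernel has no BHI mitigation to report.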

With the Linux mitigation, the branch history is cleared at system call entry and on VM exit. For now, branch history is not cleared at interrupt entry; one of the patches notes:
"For now, branch history is not cleared at interrupt entry, as malicious applications are not believed to have sufficient control over the registers, since previous register state is cleared at interrupt entry. Researchers continue to poke at this area and it may become necessary to clear at interrupt entry as well in the future."

So as of a short time ago the Intel BHI mitigation code is merged to Git for Linux 6.9 and will be back-ported to stable kernel releases shortly. I'm still poking around to find out more information on why the BHI mitigation is now happening two years after the original BHI disclosure.

UPDATE: VUSec.net has now published the details of their new "Native BHI" research on Branch History Injection. They explain:
In our prior work, we demonstrated that Spectre-V2 attacks were still possible in the kernel through Branch History Injection (BHI), and used eBPF to craft a Spectre disclosure gadget (or simply Spectre gadget for simplicity). In response, vendors suggested disabling unprivileged eBPF. This mitigation left us with a dangling question: "Is finding 'native' Spectre gadgets for BHI, i.e., not implanted through eBPF, feasible?"

To address this question, we developed InSpectre Gadget. With this tool, we can analyze Spectre gadgets and reason about their (advanced) exploitability. Our efforts led to the discovery of 1,511 Spectre gadgets and 2,105 so-called "dispatch gadgets". The latter are very useful for an attacker, as they can be used to chain gadgets and direct speculation towards a Spectre gadget.

As the number of gadgets we found point to a nontrivial attack surface, vendors are now recommending to mitigate Native BHI by enabling hardware mitigations and, for older CPUs, software mitigations.

From the many gadgets we discovered, we selected one and crafted an end-to-end Native (eBPF=off) BHI exploit.
AMD has also confirmed their processors are not impacted by Native BHI / InSpectre Gadget.

Native BHI has been designated CVE-2024-2201. VUSec has demonstrated the vulnerability on a 13th Gen Core CPU and says all Intel CPUs are affected by Native BHI.