"Indirector" Attack Disclosed For Intel Alder Lake & Raptor Lake CPUs

Written by Michael Larabel in Linux Security on 3 July 2024 at 09:30 AM EDT. 82 Comments
LINUX SECURITY
UC San Diego researchers have gone public with Indirector, high-precision branch target injection attacks on the indirect branch predictor. This UCSD security researchers found Indirector impacting recent Intel Alder Lake and Raptor Lake processors. Intel believes though that no further mitigations are required.

The Indirector attack is summed up as:
"This paper introduces novel high-precision Branch Target Injection (BTI) attacks, leveraging the intricate structures of the Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB) in high-end Intel CPUs (Raptor Lake and Alder Lake).

It presents, for the first time, a comprehensive picture of the IBP and the BTB within the most recent Intel processors, revealing their size, structure, and the precise functions governing index and tag hashing.

Additionally, this study reveals new details into the inner workings of Intel's hardware defenses, such as IBPB, IBRS, and STIBP, including previously unknown holes in their coverage.

Leveraging insights from reverse engineering efforts, this research develops highly precise Branch Target Injection (BTI) attacks to breach security boundaries across diverse scenarios, including cross-process and cross-privilege scenarios and uses the IBP and the BTB to break Address Space Layout Randomization (ASLR)."

The Indirector website is indirector.cpusec.org.

Indirector logo


The UCSD researchers suggest mitigating Indirector by using IBPB (Indirect Branch Predictor Barrier) more aggressively and better securing the BPU design. Greater IBPB use would come at significant performance cost. Intel for their part believes though that no further mitigations are required over what's already in place for the Spectre-style attacks. There is also this GitHub repository with more artifacts around Indirector.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week