Security researchers from Vrije Universiteit Amsterdam showed that the hardware mitigations against Spectre v2 attacks implemented in both Intel and Arm processors have fundamental flaws that make them vulnerable to branch history injection.
After the disclosure of the Spectre v2 vulnerability, Intel and Arm introduced hardware mitigations aimed at isolating different privilege domains in speculative execution. The attack they mitigated, based on branch target injection, was relatively easy to carry out, according to the researchers:
Unprivileged userland attacker could feed any branch target to the indirect branch predictor from userland and trick the kernel into speculatively jumping into the injected target code location and executing the code found there.
Effective privilege domain isolation would definitely prevent any such attacks. It turns out, though, that both Intel and Arm hardware mitigations, known as Intel eIBRS and Arm CSV2, provide only incomplete isolation and can be circumvented by a new kind of side-channel attack (CVE-2022-0001, CVE-2022-2396):
The hardware mitigations do prevent the unprivileged attacker from injecting predictor entries for the kernel. However, the predictor relies on a global history to select the target entries to speculatively execute. And the attacker can poison this history from userland to force the kernel to mispredict to more “interesting” kernel targets (i.e., gadgets) that leak data.
In other words, the hardware mitigations have a design flaw in that they fail to isolate all elements involved in branch predictions, such as the branch prediction history.
In a paper accepted for publication at the 31st USENIX Security Symposium 2022, the researchers analyze the security guarantees provided by Intel, Arm, and AMD processors implementing hardware mitigations to Spectre v2 and implement an end-to-end userland exploit able to leak arbitrary memory from a fully protected Linux system.
The researchers actually go beyond simply showing that the current hardware mitigations are ineffective and also demonstrate that any isolation-based approach is indeed ineffective (CVE-2022-0002).
At the moment, say the researchers, the only approach to mitigating Spectre v2 attacks is through software defenses such as retpoline.
Retpoline is an effective defense because it impairs the overall branch prediction mechanism by replacing indirect branches, i.e., those whose targets are determined at run time, with return instructions. While effective, retpoline's major drawback is its negative effect on performance.
Additionally, the researchers suggest disabling exploitation-friendly features such as unprivileged eBPF to reduce the remaining attack surface.
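As an added illustration that is not part of the original article or the researchers' work, the script below checks a Linux x86 host for the two software defenses named above: retpoline and disabled unprivileged eBPF. It assumes the standard kernel interfaces /sys/devices/system/cpu/vulnerabilities/spectre_v2 and /proc/sys/kernel/unprivileged_bpf_disabled; the function name and the sample status lines are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the article): check a Linux x86 host for the two
# software defenses the researchers recommend, retpoline and disabling
# unprivileged eBPF. It reads only those two signals and ignores other fields.

SPECTRE_V2_FILE=/sys/devices/system/cpu/vulnerabilities/spectre_v2
UNPRIV_BPF_FILE=/proc/sys/kernel/unprivileged_bpf_disabled

# $1: spectre_v2 status line, $2: unprivileged_bpf_disabled value
assess_bhi_exposure() {
    case $1 in
        "Not affected"*) _branch=not-affected ;;
        *[Rr]etpoline*)  _branch=retpoline ;;       # software defense in use
        *IBRS*)          _branch=hardware-only ;;   # eIBRS/IBRS without retpoline
        *)               _branch=unknown ;;
    esac
    case $2 in
        0)   _bpf=enabled ;;    # unprivileged users may load eBPF programs
        1|2) _bpf=disabled ;;
        *)   _bpf=unknown ;;
    esac
    if [ "$_branch" = not-affected ]; then
        _verdict=OK
    elif [ "$_branch" = unknown ] || [ "$_bpf" = unknown ]; then
        _verdict=REVIEW
    elif [ "$_branch" = retpoline ] && [ "$_bpf" = disabled ]; then
        _verdict=OK
    else
        _verdict=WARN
    fi
    echo "verdict=$_verdict branch=$_branch unpriv_bpf=$_bpf"
}

# Constructed sample status lines, in the style the kernel prints.
assess_bhi_exposure "Mitigation: Enhanced IBRS, IBPB: conditional, RSB filling" 0
assess_bhi_exposure "Mitigation: Retpolines, IBPB: conditional, RSB filling" 2

# Live check, when run on a Linux host that exposes both files.
if [ -r "$SPECTRE_V2_FILE" ] && [ -r "$UNPRIV_BPF_FILE" ]; then
    assess_bhi_exposure "$(cat "$SPECTRE_V2_FILE")" "$(cat "$UNPRIV_BPF_FILE")"
fi
```

A WARN verdict means the host relies on hardware isolation alone or still allows unprivileged eBPF; REVIEW means the status line or sysctl value was not one the script recognizes.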