A Dirty Little History: Bypassing Spectre Hardware Defenses to Leak Kernel Data

Conference: Black Hat USA 2022

2022-08-11

Summary

The presentation revisits Spectre and asks whether the hardware and software defenses vendors shipped against cross-privilege-level data leaks actually hold. The presenters introduce a new primitive, Branch History Injection (BHI), and show how it bypasses those defenses.
  • Spectre affects most modern CPUs and lets an attacker leak data across privilege levels by observing the side effects of transiently executed instructions
  • Vendors responded with software mitigations and, more recently, in-silicon defenses intended to stop cross-privilege-level leaks
  • The presenters tested these defenses and found that a userspace attacker can still cause mispredictions in the kernel
  • They introduce Branch History Injection (BHI), a primitive that poisons the branch history state shared across privilege levels to defeat the defenses
  • They demonstrate BHI end to end against recent hardware to leak kernel data
The presenters' end-to-end exploit leaks the contents of /etc/shadow in under 10 minutes, showing that Spectre remains a real-world threat and that more effective defenses are needed.

Abstract

The initial disclosure of Spectre in 2018 led to an unforeseen era of transient execution attacks. These attacks usually allow a lower-privileged attacker to leak arbitrary data from higher-privileged security domains by observing the side effects of transiently executed instructions. One especially powerful attack variant, Branch Target Injection (BTI), abuses misprediction and the resulting misspeculation on indirect branches to transiently execute attacker-controlled instructions. To put a stop to this, affected vendors initially relied on a complicated set of software defenses and began only in the last two years to roll out in-silicon defenses to the consumer market. To assess the security ramifications of Branch History Injection (BHI), we developed tooling to automatically test whether a userspace attacker can cause mispredictions in the kernel despite the enabled defenses. Using this tooling, we could verify that BHI indeed poses a threat to very recent systems, such as the Google Pixel 6 or systems with 12th generation Intel CPUs. Furthermore, we will also show that this threat is far from theoretical: we developed an end-to-end exploit leaking the contents of /etc/shadow in under 10 minutes and provide a technical walk-through accompanied by live demos during this talk.
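A practitioner reading this abstract will first want to know whether their own Linux kernel claims a BHI mitigation. The script below is an added example, not the presenters' tooling and not part of the original page: it classifies the `spectre_v2` status string the kernel exposes under `/sys/devices/system/cpu/vulnerabilities/`. It assumes the `; BHI: <state>` suffix that newer kernels append to that line (absent on older kernels, which the script reports as unreported rather than as mitigated); the sample status lines are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the Black Hat talk): classify a Linux spectre_v2
# sysfs status line with respect to the BHI (Branch History Injection) mitigation.
# Assumption: newer kernels append a "; BHI: <state>" field to the line.

SPECTRE_V2_SYSFS=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# classify_spectre_v2 "<status line>"
# Prints one of: not-affected, vulnerable, bhi-mitigated, bhi-vulnerable, bhi-unreported
classify_spectre_v2() {
    line="$1"
    case "$line" in
        "Not affected"*) echo not-affected; return 0 ;;
        Vulnerable*)     echo vulnerable;   return 0 ;;
    esac
    # Pull out the BHI field, e.g. "BHI_DIS_S" or "Vulnerable, KVM: SW loop".
    # Fields on this line are separated by "; ", so stop at the next semicolon.
    bhi=$(printf '%s\n' "$line" | sed -n 's/.*BHI: \([^;]*\).*/\1/p')
    if [ -z "$bhi" ]; then
        # Older kernels mitigate spectre_v2 but say nothing about BHI at all;
        # do not mistake silence for a mitigation.
        echo bhi-unreported
        return 0
    fi
    case "$bhi" in
        Vulnerable*) echo bhi-vulnerable ;;
        *)           echo bhi-mitigated ;;
    esac
}

# Classify the running system, or report that sysfs is not available (non-Linux, container).
report_local_spectre_v2() {
    if [ -r "$SPECTRE_V2_SYSFS" ]; then
        classify_spectre_v2 "$(cat "$SPECTRE_V2_SYSFS")"
    else
        echo unavailable
    fi
}

# Constructed sample lines, shaped like real kernel output, used only for the demo.
SAMPLE_BHI_HW='Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling; PBRSB-eIBRS: SW sequence; BHI: BHI_DIS_S'
SAMPLE_BHI_SW='Mitigation: Retpolines; IBPB: conditional; IBRS_FW; STIBP: conditional; RSB filling; PBRSB-eIBRS: Not affected; BHI: Retpoline'
SAMPLE_BHI_VULN='Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling; PBRSB-eIBRS: SW sequence; BHI: Vulnerable, KVM: SW loop'
SAMPLE_OLD_KERNEL='Mitigation: Enhanced IBRS, IBPB: conditional, RSB filling, PBRSB-eIBRS: SW sequence'
SAMPLE_EBPF='Vulnerable: eIBRS with unprivileged eBPF'

for s in "$SAMPLE_BHI_HW" "$SAMPLE_BHI_SW" "$SAMPLE_BHI_VULN" "$SAMPLE_OLD_KERNEL" "$SAMPLE_EBPF"; do
    printf '%-16s <- %s\n' "$(classify_spectre_v2 "$s")" "$s"
done
printf 'this host: %s\n' "$(report_local_spectre_v2)"
```

The distinction between `bhi-unreported` and `bhi-mitigated` is the point: a kernel that predates BHI awareness will happily report `Mitigation:` for spectre_v2 while offering no BHI hardening at all, so the absence of the field should be treated as a finding, not as a pass.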