
Data theft on Intel systems at 5 KB per second — scientists find processor vulnerability

Published by Oleksandr Fedotkin

Cybersecurity researchers from the Swiss Federal Institute of Technology in Zurich (ETH Zurich) have discovered a serious vulnerability in modern Intel processors that allows attackers to steal users' personal data.

The vulnerability affects almost all recent Intel processors. To speed up execution, modern CPUs predict which instructions will run next and begin executing them speculatively (branch prediction), and they keep recently used data and intermediate results in fast cache memory alongside RAM so they can be reused later.

«We can exploit the vulnerability to read the entire contents of the CPU buffer memory (cache) and working memory of another user of the same CPU», — explains the head of the research team Kaveh Razavi. 

According to researcher Sandro Rüegge, attackers can exploit so-called branch predictor race conditions (BPRC): windows of a few nanoseconds that open when the processor switches between executing code for two users with different privilege levels. The built-in privilege barriers can be bypassed because the branch predictor's updates are not applied at the same moment as the branch that caused them; the privilege level recorded with an update is the one in effect when the update lands, not the one the branch actually ran under.

The researchers found that branch predictor updates can cross privilege boundaries during such a switch, for example from user mode to kernel mode. An update triggered by a user-mode branch can then be tagged as if it belonged to the kernel. This breaks the separation between user and privileged modes: a prediction injected by an unprivileged user influences which code the kernel speculatively executes, and that gives the user a path to kernel data.

The researchers built an exploit that first trains the branch predictor on a chosen branch transition, then issues a system call to transfer execution into the kernel. The mis-tagged prediction steers the kernel into speculatively executing code of the attacker's choosing, which pulls confidential data into the cache.

The attacker then recovers that data through a cache side channel. In a demonstration on Ubuntu 24.04 with the default mitigations enabled, the researchers read the contents of /etc/shadow, the file that holds password hashes. The leak rate reached 5.6 KB/s with 99.8% accuracy.

The vulnerability, tracked as CVE-2024-45332, affects all Intel processors from the 9th generation onwards, including Coffee Lake, Comet Lake, Rocket Lake, Alder Lake and Raptor Lake. Although the attack was demonstrated on Linux, the flaw is in the hardware and could in principle be exploited on Windows as well. Intel was notified of the discovery in September 2024 and has released a microcode update for the affected models. The microcode mitigation costs an average of 2.7% in performance, and the software mitigations between 1.6% and 8.3%, depending on the processor model.

The risk to ordinary users is assessed as low, since the attack requires several conditions to be met, among them the ability to run code on the target machine. Nevertheless, installing the latest BIOS/UEFI firmware (which carries the microcode) and operating system updates is recommended.
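To act on that recommendation you first need to know what a host is running. The script below is an added example, not code from the article or from the ETH Zurich researchers: it collects the CPU model, its family/model/stepping signature, the microcode revision the kernel loaded, and the kernel's reported Spectre v2 mitigation state from the standard Linux files /proc/cpuinfo and /sys/devices/system/cpu/vulnerabilities. It does not know which microcode revision fixes a given model (compare the reported revision against Intel's microcode release notes yourself), and it assumes the kernel exposes no entry specific to this CVE, so it only reads the generic spectre_v2 file. The cpuinfo lines in sample_cpuinfo are constructed for the demo; pass /proc/cpuinfo as the first argument to inspect the live system.

```shell
#!/bin/sh
# Added example: inventory the facts needed to judge exposure to a
# microcode-mitigated CPU flaw on Linux. Not the researchers' code.

# Constructed sample in /proc/cpuinfo format (values are illustrative only).
sample_cpuinfo() {
    printf 'processor\t: 0\n'
    printf 'vendor_id\t: GenuineIntel\n'
    printf 'cpu family\t: 6\n'
    printf 'model\t\t: 158\n'
    printf 'model name\t: Intel(R) Core(TM) i7-9700K CPU @ 3.60GHz\n'
    printf 'stepping\t: 13\n'
    printf 'microcode\t: 0xf6\n'
}

# First "model name" value from a cpuinfo-style file ($1).
cpu_model() {
    sed -n 's/^model name[[:space:]]*: //p' "$1" | head -n 1
}

# Microcode revision as the kernel reports it (hex string), from file $1.
microcode_rev() {
    sed -n 's/^microcode[[:space:]]*: //p' "$1" | head -n 1
}

# "family-model-stepping" of the first CPU in file $1; this is the key
# Intel's microcode release notes are indexed by (decimal here).
cpu_signature() {
    awk -F': *' '
        $1 ~ /^cpu family/          { f = $2 }
        $1 ~ /^model[[:space:]]*$/  { m = $2 }   # "model", not "model name"
        $1 ~ /^stepping/            { s = $2; print f "-" m "-" s; exit }
    ' "$1"
}

# Kernel mitigation status for entry $2 in vulnerabilities directory $1,
# or "n/a" when the kernel does not expose that entry.
vuln_status() {
    if [ -r "$1/$2" ]; then cat "$1/$2"; else echo "n/a"; fi
}

# Print the whole inventory for cpuinfo file $1 and sysfs directory $2.
report() {
    echo "model:      $(cpu_model "$1")"
    echo "signature:  $(cpu_signature "$1")"
    echo "microcode:  $(microcode_rev "$1")"
    echo "spectre_v2: $(vuln_status "$2" spectre_v2)"
}

# With no arguments run against the constructed sample; on a real host use:
#   sh check.sh /proc/cpuinfo /sys/devices/system/cpu/vulnerabilities
sample=$(mktemp)
sample_cpuinfo > "$sample"
report "${1:-$sample}" "${2:-/sys/devices/system/cpu/vulnerabilities}"
rm -f "$sample"
```

The signature line matters more than the marketing name: Intel publishes microcode updates per family/model/stepping, so that triple plus the loaded revision is what you compare against the vendor's release notes, and a BIOS/UEFI update is the usual way a new revision reaches the machine at boot.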

Source: SciTechDaily