Researchers from ETH Zurich have disclosed a new vulnerability in Intel CPUs that breaks through hardware defenses previously believed to protect against Spectre v2 attacks. The attack, called Branch Privilege Injection (BPI), is enabled by a class of vulnerabilities known as Branch Predictor Race Conditions (BPRC). It arises because Intel's branch predictor units are updated asynchronously to the instruction stream, which allows predictions tagged with a higher privilege level to be injected from user space.
Introduction & Background
Brief on Spectre v2 and Branch Target Injection (BTI)
Spectre v2, also known as Branch Target Injection (BTI), is a category of transient execution attacks. These attacks abuse a CPU feature known as branch prediction, which modern processors use to anticipate the next execution path of a program, particularly at indirect branches, whose destination is not fixed in the instruction itself.
The core of a BTI attack is to mislead this prediction mechanism. An attacker trains the CPU so that it speculatively predicts that an indirect branch in the victim's code jumps to an address chosen by the attacker. The code at that address, called a "disclosure gadget", is chosen because it accesses sensitive data. Although the CPU eventually realizes the prediction was wrong and discards the speculative results, the transient execution leaves subtle traces (for example in the cache). The attacker then observes those traces through a side channel to recover the secret. Hardware defenses were introduced to restrict these predictions, but the new research shows that vulnerabilities like BPRC can bypass them.
Privilege domain restrictions
eIBRS (enhanced Indirect Branch Restricted Speculation) and AutoIBRS are hardware security features that act as mitigations against Spectre v2 (Branch Target Injection) attacks. They are improved versions of the original Indirect Branch Restricted Speculation (IBRS).
Their purpose is to restrict branch predictions by privilege domain. They ensure that predictions learned while the CPU runs at a lower privilege level (such as user applications) cannot influence branches executed at a higher privilege level (such as the operating system kernel). This separation is meant to stop code in a less privileged context from steering speculative execution in privileged code. Unlike the original IBRS, which had to be re-armed on every entry into privileged code, eIBRS/AutoIBRS are designed to be "always on" after initial setup with little overhead.
However, the research shows that race conditions in how the CPU's branch predictor is updated, termed Branch Predictor Race Conditions (BPRC), can cause these hardware restrictions to fail and allow bypasses.
Branch prediction
Branch prediction is one of the ways modern CPUs try to run faster. When a program reaches a point where execution could continue in one of several ways (an if statement, a call through a function pointer, or any other indirect branch whose destination is not fixed), the CPU guesses which path is most likely and starts executing that path speculatively, before it knows whether the guess was right. This gives the CPU a head start; if the guess turns out to be wrong, the speculative work is discarded.
The Discovery
What is BPRC?
BPRC stands for Branch Predictor Race Conditions. It is defined as a new class of microarchitectural vulnerabilities, more precisely an event-misordering effect. The race conditions arise because branch predictors on Intel processors are updated asynchronously to the instruction stream. This asynchronous behavior is a design feature of the CPU, not a vulnerability on its own. The vulnerability comes from inadequate synchronization between the branch predictor and the instruction stream during security-critical operations.
Specifically, branch predictor updates can still be in flight when an affected processor switches privilege level (for example from user mode to kernel mode) or executes an IBPB (Indirect Branch Prediction Barrier). As a result, delayed updates may be tagged with the wrong privilege mode once they finally land after the switch. This violates hardware-enforced security boundaries such as the separation between user and kernel contexts, or between guest and hypervisor contexts.
Branch Privilege Injection (BPI)
Branch Privilege Injection (BPI) is a new Branch Target Injection (BTI) primitive made possible by abusing BPRC, specifically its user-to-kernel variant (BPRC U→K). Because BPRC U→K allows branch target predictions learned in user mode to be associated with the kernel privilege domain, BPI lets an attacker inject arbitrary branch predictions tagged with kernel privilege from user mode.
This essentially revives the entire class of cross-privilege BTI attacks that were thought to be mitigated by hardware defenses like eIBRS. The researchers confirmed the impact of BPI with an end-to-end exploit that leaks arbitrary kernel memory from up-to-date Linux systems; specifically, they demonstrated leaking the root password hash from /etc/shadow. The leak rate was measured at 5.6 KiB/s on Intel Raptor Cove CPUs.
Scope of Impact
The vulnerability class (BPRC) and its exploitation primitive (BPI) have the following scope of impact:
- Affected Intel CPUs: The vulnerability affects six generations of Intel CPUs on which enhanced Indirect Branch Restricted Speculation (eIBRS) is enabled, including Raptor Lake, Alder Lake and Skylake parts, and covering microarchitectures such as Raptor Cove, Golden Cove, Gracemont, Cypress Cove and Skylake. In practice this means roughly all Intel processors since the 9th generation (Coffee Lake Refresh), i.e. at least six microarchitecture generations since Intel introduced its Spectre v2 hardware mitigations.
- Unaffected processors: The researchers found no issues on AMD and Arm systems. They observed no Asynchronous Branch Predictor Updates (ABPU), a prerequisite for the vulnerability, on those processors. AMD and Arm agreed with this assessment.
- CVE assignment: Intel assigned the vulnerability the identifier CVE-2024-45332.
- Responsible disclosure: The vulnerability was disclosed to Intel PSIRT in September 2024. To allow time for the development and testing of mitigations, the findings were held under embargo until May 13, 2025.
Exploit Demo
The researchers demonstrated their attack end to end on an up-to-date Ubuntu 24.04 system running the then-current kernel (6.8.0-47-generic).
The attack leaks arbitrary kernel memory; specifically, it leaked the root password hash from /etc/shadow while running as an unprivileged user. On an Intel Raptor Lake CPU, the median time to leak the full hash was 21 seconds.
The exploit had to overcome several technical challenges:
- Breaking KASLR (Kernel Address Space Layout Randomization) to determine where kernel code and data are located.
- Injecting kernel branch targets into the branch predictor from user space, the capability provided by the new Branch Privilege Injection (BPI) primitive.
- Using real kernel gadgets, i.e. instruction sequences that already exist in the kernel, to access and transmit the secret data.
Mitigations
Several mitigation strategies for the BPRC vulnerability, which undermines Intel's Spectre v2 hardware mitigations, have been proposed and evaluated:
- Intel has released a microcode update for affected processors, which was provided to the researchers in early 2025. The update is intended as an in-depth mitigation that also covers other potential BPRC variants and specifically fixes the IBPB variant (BPRC IBPB). The researchers verified that it removes the signal for all three BPRC variants discussed in the paper. The measured overhead of the microcode mitigation is 1.4% / 2.7% (UnixBench/lmbench) on Alder Lake.
- Beyond the microcode update, software mitigations have also been evaluated. One approach is retpolines: they replace indirect branches with a return-based construct, and when combined with disabling alternate return target prediction in supervisor mode (RRSBA_DIS_S) on processors that support it, the goal is to eliminate all exploitable branches. This combination was empirically validated and showed no remaining cache gadget hits for returns affected by RSBA. Its overhead is up to 3.1% / 8.3% (UnixBench/lmbench), depending on the benchmark and processor. Another strategy, available on newer Intel CPUs, is enabling the IPRED_DIS_S speculation control, which prevents speculative execution at the predicted target of indirect jumps, calls and RSBA-predicted returns until the target is resolved. Enabling IPRED_DIS_S on supported microarchitectures was empirically shown to eliminate cache gadget hits, at a lower overhead of up to 1.7% / 6.4% (UnixBench/lmbench).
- Notably, the Indirect Branch Prediction Barrier (IBPB), considered a last-resort defense for isolating mutually distrusting contexts, is also bypassed by a BPRC variant (BPRC IBPB). Using IBPB on kernel/hypervisor entry, as some AMD parts do, is therefore not a viable option against BPRC.
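To make the retpoline option above concrete, here is a hand-written retpoline thunk in C with GNU inline assembly. This is an added illustration by the editor, not code from the BPRC paper or the comsec-group/bprc repository. The two handler functions and the function-pointer table are constructed stand-ins for kernel code reached through an indirect call. In real deployments the thunks come from the compiler (GCC -mindirect-branch=thunk, clang -mretpoline); the RRSBA_DIS_S bit mentioned in the text is a supervisor-mode MSR setting and is not something a user-space program can set, so only the retpoline construct itself is shown here.

```c
/*
 * Added example (editor's illustration, not code from the BPRC paper or the
 * comsec-group/bprc PoC): a hand-written retpoline thunk. Indirect calls
 * through a function pointer are routed through the thunk instead of an
 * indirect CALL, so there is no indirect branch for a trained predictor to
 * steer; the only thing the CPU can speculate into is the PAUSE/LFENCE loop.
 * Caveat: retpolines are incompatible with CET shadow stacks (the RET target
 * never matches the shadow stack), which is one reason kernels on newer CPUs
 * prefer eIBRS. On a non-x86-64 or non-ELF build the helper falls back to a
 * plain indirect call so the program still runs.
 */
#include <stdio.h>

#if defined(__x86_64__) && defined(__ELF__) && defined(__GNUC__)
#define HAVE_RETPOLINE_ASM 1
__asm__(
    ".pushsection .text,\"ax\",@progbits\n"
    ".globl retpoline_thunk_rax\n"
    ".type retpoline_thunk_rax, @function\n"
    "retpoline_thunk_rax:\n"
    "    call 1f\n"            /* push the address of 2: as a return address   */
    "2:  pause\n"              /* speculative path: spin harmlessly ...        */
    "    lfence\n"             /* ... and serialise until the RET resolves     */
    "    jmp 2b\n"
    "1:  mov %rax, (%rsp)\n"   /* overwrite the pushed address with the target */
    "    ret\n"                /* architectural path: jump to the target       */
    ".size retpoline_thunk_rax, .-retpoline_thunk_rax\n"
    ".popsection\n"
);
#else
#define HAVE_RETPOLINE_ASM 0
#endif

/* Call fn(arg) through the retpoline thunk: no indirect CALL is emitted. */
static long retpoline_call(long (*fn)(long), long arg)
{
#if HAVE_RETPOLINE_ASM
    long rax = (long)fn;                      /* thunk expects the target in RAX */
    register long rdi __asm__("rdi") = arg;   /* first integer argument (SysV)   */
    __asm__ volatile(
        "mov  %%rsp, %%rbx\n\t"   /* save SP, re-align to 16 bytes and step  */
        "and  $-16, %%rsp\n\t"    /* over the 128-byte red zone the compiler  */
        "sub  $128, %%rsp\n\t"    /* may be using below RSP                   */
        "call retpoline_thunk_rax\n\t"
        "mov  %%rbx, %%rsp\n\t"
        : "+a"(rax), "+r"(rdi)
        :
        : "rbx", "rcx", "rdx", "rsi", "r8", "r9", "r10", "r11",
          "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5", "xmm6", "xmm7",
          "xmm8", "xmm9", "xmm10", "xmm11", "xmm12", "xmm13", "xmm14", "xmm15",
          "memory", "cc");
    return rax;
#else
    return fn(arg);                           /* plain indirect call */
#endif
}

/* Constructed handlers standing in for code reached via a function-pointer
 * table (a common source of indirect calls in kernel code). */
static long twice(long x)  { return 2 * x; }
static long square(long x) { return x * x; }

int main(void)
{
    long (*handlers[2])(long) = { twice, square };
    int i;
    for (i = 0; i < 2; i++)
        printf("handler[%d](21) = %ld\n", i, retpoline_call(handlers[i], 21));
    printf("retpoline thunk in use: %s\n",
           HAVE_RETPOLINE_ASM ? "yes" : "no (fallback to indirect call)");
    return 0;
}
```

Disassemble the binary (objdump -d) to confirm that retpoline_call contains a direct call to retpoline_thunk_rax and no `call *%reg` instruction; that absence is the whole point of the construct, and the thunk's RET is what the RRSBA_DIS_S control discussed above keeps the predictor from second-guessing in the kernel.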
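A practitioner reading the mitigation list will want to know whether a given Intel machine even exposes the IPRED_DIS_S and RRSBA_DIS_S controls, and whether the kernel has enabled them. The program below is an added check written by the editor, not part of the paper or its PoC. It uses the bit positions Intel documents for CPUID.(EAX=7,ECX=2):EDX (bit 1 IPRED_CTRL, bit 2 RRSBA_CTRL) and for the IA32_SPEC_CTRL MSR (0x48; bit 4 IPRED_DIS_S, bit 6 RRSBA_DIS_S). Reading the MSR requires root and the Linux msr driver; the verdict strings encode the overhead ordering reported above and nothing more.

```c
/*
 * Added example (editor's illustration, not from the BPRC paper or its PoC):
 * report whether this Intel CPU advertises the IPRED_DIS_S / RRSBA_DIS_S
 * speculation controls and whether the kernel has set them on CPU 0.
 * Assumptions: Linux, the msr driver loaded (modprobe msr) and root for the
 * MSR read; in a VM the hypervisor may hide the CPUID subleaf or the MSR.
 * This does NOT tell you whether the BPI microcode fix is installed; that
 * needs the microcode revision compared against Intel's release table.
 */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

#define IA32_SPEC_CTRL            0x48u
#define SPEC_CTRL_IPRED_DIS_U     (1u << 3)
#define SPEC_CTRL_IPRED_DIS_S     (1u << 4)
#define SPEC_CTRL_RRSBA_DIS_U     (1u << 5)
#define SPEC_CTRL_RRSBA_DIS_S     (1u << 6)
#define CPUID_7_2_EDX_IPRED_CTRL  (1u << 1)
#define CPUID_7_2_EDX_RRSBA_CTRL  (1u << 2)

enum verdict {
    VERDICT_NO_CONTROLS,      /* neither control exists: microcode/retpoline only */
    VERDICT_CONTROLS_UNSET,   /* controls exist but the kernel has not set them   */
    VERDICT_RRSBA_DIS_S_ONLY, /* RRSBA_DIS_S set: useful together with retpolines */
    VERDICT_IPRED_DIS_S_SET   /* IPRED_DIS_S set: the lower-overhead option       */
};

/* Feature bits from CPUID.(EAX=7,ECX=2):EDX, or 0 when the subleaf is absent. */
static unsigned cpuid_7_2_edx(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned a, b, c, d;
    if (__get_cpuid_max(0, NULL) < 7) return 0;
    __cpuid_count(7, 0, a, b, c, d);          /* EAX = highest valid subleaf */
    if (a < 2) return 0;
    __cpuid_count(7, 2, a, b, c, d);
    return d;
#else
    return 0;
#endif
}

/* Read one MSR through /dev/cpu/N/msr: the file offset is the MSR index. */
static int read_msr(int cpu, unsigned msr, uint64_t *val)
{
    char path[64];
    int fd;
    ssize_t n;
    snprintf(path, sizeof path, "/dev/cpu/%d/msr", cpu);
    fd = open(path, O_RDONLY);
    if (fd < 0) return -errno;
    n = pread(fd, val, sizeof *val, msr);
    close(fd);
    return n == (ssize_t)sizeof *val ? 0 : -EIO;
}

/* Decision logic kept pure so it can be exercised with constructed values.
 * A control bit only counts when CPUID says the control exists. */
static enum verdict classify(unsigned cpuid_edx, uint64_t spec_ctrl)
{
    int have_ipred = !!(cpuid_edx & CPUID_7_2_EDX_IPRED_CTRL);
    int have_rrsba = !!(cpuid_edx & CPUID_7_2_EDX_RRSBA_CTRL);
    if (!have_ipred && !have_rrsba) return VERDICT_NO_CONTROLS;
    if (have_ipred && (spec_ctrl & SPEC_CTRL_IPRED_DIS_S)) return VERDICT_IPRED_DIS_S_SET;
    if (have_rrsba && (spec_ctrl & SPEC_CTRL_RRSBA_DIS_S)) return VERDICT_RRSBA_DIS_S_ONLY;
    return VERDICT_CONTROLS_UNSET;
}

static const char *verdict_text(enum verdict v)
{
    switch (v) {
    case VERDICT_NO_CONTROLS:      return "no IPRED/RRSBA controls: rely on microcode or retpolines";
    case VERDICT_CONTROLS_UNSET:   return "controls advertised but not enabled by the kernel";
    case VERDICT_RRSBA_DIS_S_ONLY: return "RRSBA_DIS_S set (only meaningful with retpolines)";
    default:                       return "IPRED_DIS_S set";
    }
}

int main(void)
{
    unsigned edx = cpuid_7_2_edx();
    uint64_t spec_ctrl = 0;
    int err = read_msr(0, IA32_SPEC_CTRL, &spec_ctrl);
    printf("CPUID.(7,2):EDX = 0x%08x  IPRED_CTRL=%d RRSBA_CTRL=%d\n", edx,
           !!(edx & CPUID_7_2_EDX_IPRED_CTRL), !!(edx & CPUID_7_2_EDX_RRSBA_CTRL));
    if (err) {
        printf("IA32_SPEC_CTRL not readable (%s): need root and the msr driver\n",
               strerror(-err));
        return 1;
    }
    printf("IA32_SPEC_CTRL = 0x%llx  IPRED_DIS_S=%d RRSBA_DIS_S=%d\n",
           (unsigned long long)spec_ctrl,
           !!(spec_ctrl & SPEC_CTRL_IPRED_DIS_S), !!(spec_ctrl & SPEC_CTRL_RRSBA_DIS_S));
    printf("verdict: %s\n", verdict_text(classify(edx, spec_ctrl)));
    return 0;
}
```

Run it as root after `modprobe msr`; the MSR value is per logical CPU, so a thorough check loops over every /dev/cpu/N/msr rather than trusting CPU 0 alone.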
Responsible Disclosure
The responsible disclosure process for the BPRC and BPI vulnerabilities:
- The researchers from ETH Zurich followed a responsible disclosure process. They disclosed BPRC to Intel PSIRT in September 2024 and provided proof-of-concept code on request, collaborating with Intel's STORM and security research teams along the way.
- Intel confirmed that they were the first to report BPRC and assigned CVE-2024-45332. Intel stated that a microcode update is required for a full mitigation. To allow sufficient time for the development and testing of this update, the findings were held under embargo until May 13, 2025.
- The researchers also informed AMD and Arm, who agreed with the assessment that their processors appear unaffected. In line with its open science policy, ETH Zurich released a detailed whitepaper and proof-of-concept code on GitHub (comsec-group/bprc), enabling the security community to verify the results.
Industry Implications
Branch Privilege Injection (BPI) and Branch Predictor Race Conditions (BPRC) have significant implications for the industry:
- They show how a fundamental timing issue, a race condition inside the microarchitecture, can invalidate privilege separation. BPRC, an event-misordering effect of branch predictors, violates the security assumptions of hardware-enforced privilege and context separation mechanisms such as eIBRS and IBPB on Intel CPUs.
- The vulnerability raises concerns about the sufficiency of current speculative execution defenses. Despite years of hardware security advances against Spectre v2 (Branch Target Injection) attacks, BPRC demonstrates a way to bypass these mitigations, indicating that existing defenses may rest on unstable assumptions.
- It signals a need for ongoing scrutiny of speculative mechanisms in CPUs. The demonstration of BPI, which revives cross-privilege BTI attacks, highlights the fragility of microarchitectural security and underscores the need for thorough validation of CPU designs.
Conclusion
Branch Privilege Injection (BPI) and Branch Predictor Race Conditions (BPRC) have important implications for computer security.
The findings by the ETH Zurich researchers reshape the threat landscape for speculative execution attacks. Their work shows that Branch Predictor Race Conditions (BPRC), an event-misordering effect of branch predictors, can undermine hardware-enforced privilege and context separation mechanisms in all recent Intel CPUs. This matters for mechanisms such as eIBRS and IBPB, which were considered robust against previous Spectre v2 attacks. BPI, which leverages BPRC, effectively revives the entire class of cross-privilege Branch Target Injection (BTI) attacks that were believed to be mitigated since the introduction of eIBRS.
The discovery also highlights the fragility of microarchitectural security: fundamental timing issues and race conditions within the CPU's microarchitecture can erode core security boundaries and invalidate privilege separation. As the researchers put it, "Even the most robust-sounding hardware defenses may be built on unstable assumptions".
Finally, the results signal the need for ongoing scrutiny of speculative mechanisms in CPUs and underscore the need for thorough validation of CPU designs, so that microarchitectural behaviours do not introduce vulnerabilities that bypass the security features built on top of them.