Yet another weakness in CPU branch prediction demonstrated on several Intel CPUs

IO.Hazard · 27. Mar 2018, 09:08 PM

In this "new" flaw, called BranchScope:

"an attacker primes the PHT and running branch instructions so that the PHT will always assume a particular branch is taken or not taken. The victim code then runs and makes a branch, which is potentially disturbing the PHT. The attacker then runs more branch instructions of its own to detect that disturbance to the PHT; the attacker knows that some branches should be predicted in a particular direction and tests to see if the victim's code has changed that prediction.".

https://arstechnica.com/gadgets/2018...ction-attacks/

The researchers aren't sure how widespread BranchScope will be, but just like with Spectre, it still requires the attacker to be able to execute code on the victim's computer. As many specialists have said, it could take months or even years to fully discover and patch the bugs associated with speculative execution.

Burn-IT · 28. Mar 2018, 05:36 PM

Surely allowing someone access to your machine to run the code is a bigger worry!!

27. Mar 2018, 09:08 PM	#1 (permalink)
IO.Hazard Senior Member Join Date: Aug 2012 Posts: 192	Yet another weakness in CPU branch prediction demonstrated on several Intel CPUs In this "new" flaw, called BranchScope: "an attacker primes the PHT and running branch instructions so that the PHT will always assume a particular branch is taken or not taken. The victim code then runs and makes a branch, which is potentially disturbing the PHT. The attacker then runs more branch instructions of its own to detect that disturbance to the PHT; the attacker knows that some branches should be predicted in a particular direction and tests to see if the victim's code has changed that prediction.". https://arstechnica.com/gadgets/2018...ction-attacks/ The researchers aren't sure how widespread BranchScope will be, but just like with Spectre, it still requires the attacker to be able to execute code on the victim's computer. As many specialists have said, it could take months or even years to fully discover and patch the bugs associated with speculative execution.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

28. Mar 2018, 05:36 PM	#2 (permalink)
Burn-IT Senior Member Join Date: May 2010 Posts: 555	Surely allowing someone access to your machine to run the code is a bigger worry!!