More problems for Intel: joint work by four U.S. universities has uncovered a new vulnerability in the company's processors, BranchScope.
BranchScope, a new vulnerability based on speculative execution
BranchScope is a new vulnerability that affects Intel processors. It has one thing in common with Spectre 2: it takes advantage of the branch prediction unit (BPU), part of the speculative execution machinery in the company's processors. The new vulnerability attacks the directional branch predictor, allowing an attacker to retrieve content stored in SGX enclaves and extract information that should be inaccessible.
Branch prediction is a component of speculative execution that decides which operation to compute ahead of time; the technique tries to predict the outcome of a computation in order to improve processor performance compared with what would be possible without speculative execution.
When multiple processes run on the same physical core, they share a single branch prediction unit. That is useful in terms of utilization and complexity, but it opens the door for an attacker to manipulate the shared BPU state, create a side channel, and infer the direction or target of a branch instruction executed by a victim process.
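What leaks through this channel is the direction of a victim's branch, so the exposure sits in code where a branch is taken or not taken depending on secret data. The following C code is an added example, not taken from the researchers or from Intel: a toy modular exponentiation (function names are hypothetical; 32-bit operands and a nonzero modulus are assumed) with a secret-dependent branch, next to a branchless form that removes it.

```c
#include <stdint.h>
#include <stdio.h>

/* Exposed: the `if` is taken or not taken according to each secret
 * exponent bit, so the sequence of branch directions spells out the key. */
uint32_t modexp_branchy(uint32_t base, uint32_t exp, uint32_t mod)
{
    uint64_t result = 1 % mod, b = base % mod;   /* mod must be nonzero */
    for (int i = 31; i >= 0; i--) {
        result = (result * result) % mod;
        if ((exp >> i) & 1u)                     /* secret-dependent branch */
            result = (result * b) % mod;
    }
    return (uint32_t)result;
}

/* All-ones mask when bit == 1, all-zeros when bit == 0. */
static uint64_t ct_mask(uint32_t bit)
{
    return (uint64_t)0 - (uint64_t)(bit & 1u);
}

/* Hardened: always perform the multiply, then pick the result with a mask.
 * The only branch left is the loop counter, which is public.
 * Caveat: an optimizing compiler may turn the mask back into a conditional
 * jump, so inspect the generated assembly for the build you ship. */
uint32_t modexp_branchless(uint32_t base, uint32_t exp, uint32_t mod)
{
    uint64_t result = 1 % mod, b = base % mod;   /* mod must be nonzero */
    for (int i = 31; i >= 0; i--) {
        result = (result * result) % mod;
        uint64_t multiplied = (result * b) % mod;
        uint64_t mask = ct_mask((exp >> i) & 1u);
        result = (multiplied & mask) | (result & ~mask);
    }
    return (uint32_t)result;
}

int main(void)
{
    /* Constructed sample values: both forms must agree. */
    printf("%u %u\n", modexp_branchy(4, 13, 497), modexp_branchless(4, 13, 497));
    return 0;
}
```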
The vulnerability is reported to be present in Sandy Bridge, Haswell, and Skylake processors. So far it has not been confirmed whether it also affects Kaby Lake and Coffee Lake, although that is most likely because they are based on Skylake. Fortunately, work is already underway on a security update to patch this issue, and it should reach users via Windows Update in the next few days.