Branch History Injection and Intra-mode Branch Target Injection / CVE-2022-0001, CVE-2022-0002 / INTEL-SA-00598

ID 724058
Updated 3/11/2022

Key Takeaways

  • Intel published an update to the technical documentation for Branch History Injection (BHI) and Intra-mode Branch Target Injection (IMBTI) in April 2024 in response to new external research that has identified additional disclosure gadgets in the Linux* kernel. In light of these new findings, customers may wish to implement additional software hardening beyond the original recommended mitigations discussed in the initial version of these documents.

  • Refer to the Additional Hardening Options section and the Guidelines for Applying Additional Hardening Options section in the linked technical documentation to address these new developments.

Disclosure date: 2022-03-08
Published date: 2022-03-08

Severity rating: 4.7 Medium

Industry-wide severity ratings can be found in the National Vulnerability Database.

Overview

Branch Target Injection (BTI) (sometimes referred to as Spectre variant 2) is a known cross-domain transient execution attack where an attacker may seek to cause a disclosure gadget to be speculatively executed after an indirect branch prediction.

Generally, transient execution attacks require that the attacker can run code on the same machine (or the same virtual machine) as the data they are attempting to read, while lacking direct access to that data (for example, where privilege-level isolation is in place). The recommendations below apply to situations where transient execution attacks are within the user's threat model.

Intra-mode BTI (IMBTI) refers to a variant of BTI where an indirect branch speculates to an aliased predictor entry for a different indirect branch in the same predictor mode, and a disclosure gadget at the predicted target will transiently execute. Such predictor entries may contain targets corresponding to the targets of indirect near jump, indirect near call and/or near return instructions, even if these branches were only transiently executed. Managed runtimes can provide an attacker with the means to create the aliasing required for intra-mode BTI attacks. IMBTI has been assigned CVE-2022-0002 with a CVSS base score of 4.7 (Medium) CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N.

Branch History Injection (BHI) describes a specific form of intra-mode BTI, where an attacker may manipulate branch history before transitioning from user to supervisor or guest to VMX root mode in an effort to cause an indirect branch predictor to select a specific predictor entry for an indirect branch, and a disclosure gadget at the predicted target will transiently execute. This may be possible since the relevant branch history may contain branches taken in previous security contexts, and in particular, in other predictor modes. BHI has been assigned CVE-2022-0001 with a CVSS base score of 4.7 (Medium) CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N.

Researchers from VU Amsterdam have demonstrated BHI and intra-mode BTI attacks against the Linux* kernel by creating a kernel-mode disclosure gadget using a feature known as eBPF (the extended Berkeley Packet Filter). The indirect branch in the Linux system call dispatcher may then speculatively select an indirect branch predictor entry—based on partially attacker-controlled branch history—which corresponds to the attacker’s eBPF disclosure gadget. While the kernel eBPF verifier mitigates most transient execution attack variants, at the time of writing it does not defend against this form of attack.

Update: Since this guidance was originally published in 2022, the VU Amsterdam researchers have proposed new software techniques to identify and potentially exploit disclosure gadgets using BHI. Intel has added additional information to the technical documentation to address this development (Guidelines for Applying Additional Hardening Options). OS and VMM software vendors may wish to consider a broader range of potential approaches when deciding on appropriate mitigation options, such as those described in the Additional Hardening Options section. The Software BHB-clearing Sequence section has been updated to add descriptive names for each software sequence, and the Software Mitigations in Migration Pools section has also been updated to describe improvements to the virtual MSR interface.

On BHI-affected processors, Intel recommends disabling unprivileged eBPF, enabling eIBRS and enabling SMEP. This configuration mitigates the demonstrated BHI attack as well as other intra-mode BTI attacks using eBPF, makes transient execution attacks more difficult in general, and is the current default configuration for most Linux distributions. Refer to the Branch History Injection technical guidance for more detailed mitigation guidance.
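The following script, added here as an illustration and not part of Intel's guidance or the Linux project, checks whether a Linux host reports the three recommended settings (eIBRS in use, SMEP present, unprivileged eBPF disabled), reading the kernel's spectre_v2 status file, /proc/cpuinfo and the kernel.unprivileged_bpf_disabled sysctl. It takes the raw values as arguments so it can also be run against data captured from another machine.

```shell
#!/bin/sh
# Added example (not Intel's code): report whether a Linux host shows the three
# settings Intel recommends on BHI-affected processors: eIBRS in use, SMEP present,
# and unprivileged eBPF disabled.

# check_bhi_posture SPECTRE_V2_LINE UNPRIV_BPF_SYSCTL CPU_FLAGS
# Prints one line per missing setting; returns 0 only when all three are present.
check_bhi_posture() {
    spectre_v2=$1
    unpriv_bpf=$2
    cpu_flags=$3
    missing=0

    # eIBRS: the kernel's spectre_v2 status names it "Enhanced IBRS" (older kernels)
    # or "Enhanced / Automatic IBRS" (newer kernels).
    case "$spectre_v2" in
        *Enhanced*IBRS*) ;;
        *) echo "eIBRS not in use (spectre_v2: $spectre_v2)"; missing=1 ;;
    esac

    # Newer kernels append a BHI-specific field (e.g. "BHI: SW loop" for the
    # software BHB-clearing sequence); surface it when present, informational only.
    case "$spectre_v2" in
        *"BHI: "*) echo "kernel BHI status: ${spectre_v2##*BHI: }" ;;
    esac

    # SMEP: a CPU flag in /proc/cpuinfo; pad with spaces to match the whole word.
    case " $cpu_flags " in
        *" smep "*) ;;
        *) echo "SMEP not present in CPU flags"; missing=1 ;;
    esac

    # kernel.unprivileged_bpf_disabled: 0 = allowed, 1 = disabled permanently,
    # 2 = disabled but re-enableable by root. Either non-zero value counts.
    case "$unpriv_bpf" in
        1|2) ;;
        *) echo "unprivileged eBPF enabled (kernel.unprivileged_bpf_disabled=$unpriv_bpf)"; missing=1 ;;
    esac
    return $missing
}

# Collect the live values from this host and run the check.
check_live_host() {
    sv2=$(cat /sys/devices/system/cpu/vulnerabilities/spectre_v2 2>/dev/null || echo "unknown")
    ubpf=$(sysctl -n kernel.unprivileged_bpf_disabled 2>/dev/null || echo 0)
    flags=$(grep '^flags' /proc/cpuinfo 2>/dev/null | head -n 1 | cut -d: -f2)
    check_bhi_posture "$sv2" "$ubpf" "$flags"
}

if [ "${1:-}" = "--live" ]; then check_live_host; fi
```

Run it with `--live` to check the current host; a non-zero exit status means at least one of the three recommended settings is absent.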

In addition to the demonstrated attacks using eBPF, the possibility exists that there may be other BHI attacks identified in the future. Such potential BHI attacks can be mitigated by adding LFENCE to specific identified gadgets that are found to be exploitable. The BHI technical guidance provides details on this and other mitigation options which could be considered for various threat models, including software BHB clearing sequences which can be executed when transitioning between domains, BHB-specific indirect predictor disable controls, or retpoline.

Future processors are expected to mitigate BHI attacks in hardware, and the BHI technical guidance describes the way in which future hardware will enumerate such hardware mitigation. In situations where these BHI mitigations are not viable, or environments where intra-mode BTI is a concern (for example, where managed runtimes like unprivileged eBPF are in use), potential mitigations for intra-mode BTI are also included.

Mitigations

Intel has updated the BHI mitigation guidance in response to new external research that has identified additional disclosure gadgets in the Linux kernel. Customers may wish to implement additional software hardening as described in the Additional Hardening Options section and the new Guidelines for Applying Additional Hardening Options section in the Branch History Injection technical guidance to address these new developments.

Affected Processors

Refer to the Branch History Injection (CVE-2022-0001) and Intra-mode Branch Target Injection (CVE-2022-0002) columns of the consolidated Affected Processors table (2022 tab) linked above, which indicate the processors for which privileged code may be affected by BHI (CVE-2022-0001) and/or intra-mode BTI (CVE-2022-0002) when the IBRS/eIBRS mitigations against BTI are properly applied. For example, the table may indicate that a processor is not affected by intra-mode BTI if IBRS or retpoline applied to privileged (kernel or VMM) code stops all speculative execution at the targets of indirect jumps and calls, even though the behavior behind intra-mode BTI may still occur where IBRS or retpoline is not applied (for example, in application code).