Security News > 2024 > April > New Spectre v2 attack impacts Linux systems on Intel CPUs

New Spectre v2 attack impacts Linux systems on Intel CPUs
2024-04-10 17:19

Researchers have demonstrated the "First native Spectre v2 exploit" for a new speculative execution side-channel flaw that impacts Linux systems running on many modern Intel processors.

Spectre V2 is a new variant of the original Spectre attack discovered by a team of researchers at the VUSec group from VU Amsterdam.

The new finding underscores the challenges in balancing performance optimization with security, which makes addressing fundamental CPU flaws complicated even six years after the discovery of the original Spectre.

Intel has already assigned CVE-2022-0001 and CVE-2022-0002 to BTI and BHI, respectively, while CVE-2024-2201 involves a new Spectre v2 exploit that works against the Linux kernel.

An exploit demonstrating the new Spectre V2 flaw can be seen in the video below.

Intel has also updated its mitigation recommendations for Spectre v2 and now proposes disabling unprivileged Extended Berkeley Packet Filter functionality, enabling Enhanced Indirect Branch Restricted Speculation, and enabling Supervisor Mode Execution Protection.


News URL

https://www.bleepingcomputer.com/news/security/new-spectre-v2-attack-impacts-linux-systems-on-intel-cpus/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 17 384 2365 1508 667 4924
Intel 6832 278 786 430 28 1522