Security News > 2024 > April > New Spectre v2 attack impacts Linux systems on Intel CPUs
Researchers have demonstrated the "First native Spectre v2 exploit" for a new speculative execution side-channel flaw that impacts Linux systems running on many modern Intel processors.
Spectre V2 is a new variant of the original Spectre attack discovered by a team of researchers at the VUSec group from VU Amsterdam.
The new finding underscores the challenges in balancing performance optimization with security, which makes addressing fundamental CPU flaws complicated even six years after the discovery of the original Spectre.
Intel has already assigned CVE-2022-0001 and CVE-2022-0002 to BTI and BHI, respectively, while CVE-2024-2201 involves a new Spectre v2 exploit that works against the Linux kernel.
An exploit demonstrating the new Spectre V2 flaw can be seen in the video below.
Intel has also updated its mitigation recommendations for Spectre v2 and now proposes disabling unprivileged Extended Berkeley Packet Filter functionality, enabling Enhanced Indirect Branch Restricted Speculation, and enabling Supervisor Mode Execution Protection.
News URL
Related news
- Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks (source)
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool (source)
- New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks (source)
- Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems (source)
- Linux 'io_uring' security blindspot allows stealthy rootkit attacks (source)
- Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack (source)
- Hackers now testing ClickFix attacks against Linux targets (source)
- New Intel CPU flaws leak sensitive data from privileged memory (source)
- Intel's data-leaking Spectre defenses scared off yet again (source)
- Microsoft fixes Linux boot issues on dual-boot Windows systems (source)