Branch Privilege Injection: Exploiting branch predictor race conditions

https://news.ycombinator.com/rss Hits: 4
Summary

Branch Privilege Injection (CVE-2024-45332) brings back the full might of branch target injection attacks (Spectre-BTI) on Intel. Intel's hardware mitigations against these types of attacks have held their ground for almost 6 years. In our work, we demonstrate how these mitigations can be broken due to a race condition in Intel CPUs.

Our Branch Privilege Injection attack is made possible by the following two main insights:

- Branch predictors on Intel processors are updated asynchronously to the instruction stream. We are the first to unveil this behavior and we can show that updates are delayed by tens or hundreds of cycles under certain conditions. These asynchronous updates are a feature and not a vulnerability by themselves.
- We find that there is insufficient synchronization between the branch predictor and the instruction stream during security-critical operations. Branch predictor updates can still be in flight when an affected processor switches privileges (e.g., user to kernel or guest to hypervisor) or performs an IBPB. Because these updates are still in flight, they are associated with the wrong privilege mode once they land after the privilege switch. We call this new class of vulnerabilities Branch Predictor Race Conditions.

We use the above insights to build an end-to-end Branch Privilege Injection attack that leaks arbitrary memory at 5.6KiB/s on an up-to-date Ubuntu 24.04 with all default mitigations enabled. The following video demonstrates how Branch Privilege Injection leaks arbitrary memory on an Intel Raptor Lake (13th gen) processor.

[Video: Branch Privilege Injection demonstration on an Intel Raptor Lake (13th gen) processor]

Affected Mitigations

eIBRS: Intel has introduced enhanced Indirect Branch Restricted Speculation (eIBRS) as a Spectre-BTI mitigation on all its processors since the 9th generation (Coffee Lake Refresh). eIBRS aims to separate indirect branch prediction between different security domains by associating each prediction with its originating domain and later only using predictions from the current domain.
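The race described above, as an added toy model that is not part of the original research or Intel's documentation: predictor updates are queued with a delay and only receive their privilege-domain tag when they land, so an update trained in user mode lands tagged as kernel if the mode switch happens first. The `synchronized` path that drains the queue before switching is the model's own fix for illustration, not a description of Intel's microcode update; all names, cycle counts and addresses are constructed.

```python
from collections import deque
from dataclasses import dataclass, field

USER, KERNEL = "user", "kernel"


@dataclass
class BranchPredictorModel:
    """Constructed toy model: indirect-branch predictions are tagged with a privilege
    domain (eIBRS-style), but predictor updates land asynchronously after a delay."""
    update_delay: int
    cycle: int = 0
    mode: str = USER
    pending: deque = field(default_factory=deque)  # (ready_at_cycle, branch_pc, target)
    table: dict = field(default_factory=dict)      # (domain, branch_pc) -> predicted target

    def train(self, branch_pc, target):
        # A resolved branch queues an update; its domain tag is assigned only when it lands.
        self.pending.append((self.cycle + self.update_delay, branch_pc, target))

    def _land(self, update):
        _, branch_pc, target = update
        self.table[(self.mode, branch_pc)] = target   # tagged with the *current* mode

    def tick(self, cycles=1):
        for _ in range(cycles):
            self.cycle += 1
            while self.pending and self.pending[0][0] <= self.cycle:
                self._land(self.pending.popleft())

    def switch_mode(self, new_mode, synchronized=False):
        # synchronized=True drains in-flight updates before the domain changes (the
        # model's fix for the race; it is not a description of Intel's microcode update).
        if synchronized:
            while self.pending:
                self._land(self.pending.popleft())
        self.mode = new_mode

    def predict(self, branch_pc):
        return self.table.get((self.mode, branch_pc))


def run_scenario(synchronized, update_delay=50):
    """Train a branch in user mode, switch to kernel while the update is still in
    flight, and return the kernel-domain prediction (None means no prediction)."""
    bp = BranchPredictorModel(update_delay)
    bp.train(branch_pc=0x1000, target=0x4000)   # user-mode training of the branch
    bp.tick(5)                                   # fewer cycles than the update delay
    bp.switch_mode(KERNEL, synchronized)         # user -> kernel transition
    bp.tick(update_delay)                        # the in-flight update lands
    return bp.predict(0x1000)
```

`run_scenario(False)` returns the user-trained target 0x4000 under the kernel tag, while `run_scenario(True)` returns None because the drained update stayed in the user domain.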
IBPB: eIBRS...

First seen: 2025-05-13 18:31

Last seen: 2025-05-13 21:32