A new variant of the BHI attack on Intel CPUs that allows you to bypass protection in the Linux kernel

Father

A group of researchers from the Free University of Amsterdam has identified a new attack method, "Native BHI" (CVE-2024-2201), which allows the contents of Linux kernel memory to be determined on systems with Intel processors by running an exploit in user space. When applied to virtualization systems, an attacker in a guest system can determine the memory contents of the host environment or of other guest systems.

The Native BHI method offers a different technique for exploiting the BHI vulnerability (Branch History Injection, CVE-2022-0001), one that bypasses the previously implemented protection methods. The BHI attack method proposed in 2022 exploited the CPU vulnerability within a single privilege level; its exploit relied on executing an eBPF program that the user loaded into the kernel. Blocking that method therefore only required restricting ordinary users from executing eBPF code.

The new Native BHI method does not require access to eBPF and allows an unprivileged user to perform the attack from user space. The method relies on existing gadgets in the kernel code: sequences of instructions that can be driven into speculative execution. To search for suitable gadgets in the kernel, a dedicated toolkit, InSpectre Gadget, was developed; when analyzing the 6.6-rc4 kernel it revealed 1511 Spectre gadgets and 2105 auxiliary dispatching gadgets.

Based on the gadgets found, the researchers prepared an exploit that extracts from kernel buffers a string containing the root user's password hash, as loaded from the /etc/shadow file. The speed of extracting data from kernel memory is approximately 3.5 Kb per second.

The BHI method is an extended version of the Spectre-v2 attack. To bypass the added protection (Intel eIBRS and Arm CSV2) and organize a data leak, values are injected into the global Branch History Buffer, which the CPU uses to improve branch prediction accuracy by taking the history of past branches into account. By manipulating the branch history, the attack creates conditions for a branch misprediction and for speculative execution of the desired instructions, whose result is deposited in the cache.

The difference from the Spectre-v2 attack is that it manipulates the Branch History Buffer instead of the Branch Target Buffer. To extract data from memory, the attacker must create conditions under which the speculative operation takes its target address from the memory area of interest. After the speculative indirect jump, the target address read from memory remains in the cache, and it can then be recovered with one of the usual techniques for determining cache contents, by measuring the difference in access time between cached and uncached data.

Neither the Intel IBT (Indirect Branch Tracking) instructions nor the hybrid FineIBT control-flow protection mechanism implemented in the Linux kernel, which combines hardware IBT instructions with the kCFI (kernel Control Flow Integrity) software protection to block violations of the normal execution order (control flow), protects against a Native BHI attack. FineIBT allows an indirect jump to proceed only if it lands on the ENDBR instruction placed at the very beginning of a function. In addition (by analogy with the kCFI mechanism), hashes are then checked to guarantee that the pointers have not been tampered with.

To protect against the new attack variant, a change has been added to the Linux kernel implementing an additional protection mode that uses the hardware protection Intel proposed (BHI_DIS_S) or, alternatively, a software protection implemented for the KVM hypervisor. The fix is included in kernel releases 6.8.5, 6.6.26, 6.1.85, and 5.15.154. The Xen hypervisor developers have also released a fix based on BHI_DIS_S mode, which restricts predictions based on branch history. That fix is included in Xen releases 4.15.6, 4.16.6, 4.17.4, and 4.18.2.

BHI_DIS_S support is available in processors starting with Intel Alder Lake, and in server CPUs starting with Intel Sapphire Rapids. For older processors, a software protection mode has been developed based on instruction sequences that clear the branch history buffer, executed on entry to a system call or when switching to another VM. The performance impact of the software protection has not yet been evaluated.
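A defender-side check that follows from the mitigation notes above, added here as an example and not part of the original post: it reads the kernel's spectre_v2 status line (where the fixed kernels append a "BHI:" field reporting BHI_DIS_S or the software loop) and compares the running kernel against the fixed stable versions listed. The sysfs path and the field format are assumed from mainline Linux; the sample status lines below are constructed.

```python
import platform
import re
from pathlib import Path

# Minimum stable kernel versions carrying the Native BHI fix, as listed in the post.
FIXED_SERIES = {(6, 8): (6, 8, 5), (6, 6): (6, 6, 26), (6, 1): (6, 1, 85), (5, 15): (5, 15, 154)}

# Assumed mainline sysfs location; the kernel appends "; BHI: <state>" to this line.
SYSFS_SPECTRE_V2 = Path("/sys/devices/system/cpu/vulnerabilities/spectre_v2")

# Constructed sample lines in the mainline format (not captured from a real host).
SAMPLE_HW = "Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling; BHI: BHI_DIS_S"
SAMPLE_KVM_ONLY = "Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; BHI: Vulnerable, KVM: SW loop"
SAMPLE_OLD = "Mitigation: Retpolines; IBPB: conditional; RSB filling"


def parse_bhi_status(status_line: str) -> dict:
    """Extract the BHI field from a spectre_v2 status line.
    A kernel without the fix prints no BHI field at all, so treat that as vulnerable."""
    m = re.search(r"BHI:\s*([^;]+)", status_line)
    if not m:
        return {"present": False, "bhi": None, "vulnerable": True}
    bhi = m.group(1).strip()  # e.g. "BHI_DIS_S" or "SW loop, KVM: SW loop"
    return {"present": True, "bhi": bhi, "vulnerable": bhi.lower().startswith("vulnerable")}


def kernel_has_fix(release: str):
    """Compare a uname -r style release against the fixed stable versions.
    Returns None when the series is not one the post lists. Distributions backport
    fixes without bumping the version, so the sysfs field is the authoritative signal."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", release)
    if not m:
        return None
    ver = tuple(int(x) for x in m.groups())
    fixed = FIXED_SERIES.get(ver[:2])
    return None if fixed is None else ver >= fixed


def check_host() -> dict:
    """Run both checks on the current machine (reads sysfs if it exists)."""
    line = SYSFS_SPECTRE_V2.read_text().strip() if SYSFS_SPECTRE_V2.exists() else ""
    return {"status": parse_bhi_status(line), "version_fixed": kernel_has_fix(platform.release())}


if __name__ == "__main__":
    print(check_host())
```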
