New "BranchScope" Side-channel CPU Vulnerability Threatens Modern Processors

btarunr · Mar 28, 2018

In the age of cyber-security vulnerabilities being named by their discoverers, much like incoming tropical storms, the latest, which exploits speculative execution of modern processors, is named "BranchScope," discovered by academics from four US universities, Dmitry Evtyushkin, Ryan Riley, Nael Abu-Ghazaleh, and Dmitry Ponomarev. The vulnerability has been successfully tested on Intel "Sandy Bridge," "Haswell," and "Skylake" micro-architectures, and remains to be tested on AMD processors. It bears similarities to "Spectre" variant 2, in that it is an exploit of the branch prediction features of modern CPUs.

BranchScope differs from Spectre variant 2, in that while the latter exploits the branch target buffer, BranchScope goes after the directional branch predictor, a component that decides which speculative operations to execute. By misdirecting it, attackers can make the CPU read and spit out data from the memory previously inaccessible. The worst part? You don't need administrative privileges to run the exploit, it can be run from the user-space. Unlike CTS-Labs, the people behind the BranchScope discovery appear to have alerted hardware manufacturers significantly in advance, before publishing their paper (all of it, including technicals). They will present their work at the 23rd ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2018), later today.

View at TechPowerUp Main Site

Vya Domus · Mar 28, 2018

If they don't make a fancy website and some buzzfeed type videos about this it ain't worth our time. :laugh:

Joking aside , I wonder just how many of these things will be found out until no one will care anymore.

windwhirl · Mar 28, 2018

I predict this whole "vulnerabilities everywhere" thing won't stop anytime soon.

At least it seems like they told Intel in advance..

Patriot · Mar 28, 2018

windwhirl said:
I predict this whole "vulnerabilities everywhere" thing won't stop anytime soon.

At least it seems like they told Intel in advance..

Hopefully they will develop better design and coding practices...

dorsetknob · Mar 28, 2018

windwhirl said:
At least it seems like they told Intel in advance..

Again time to pull on the Chamber pot i have covered in tinfoil to wear as a security Hat

To me this smacks of the PAST 3 letter Agency Activity in Action and their pet BackDoors now useless coming to the fore.
The Full body Armor living in a faraday cage nutters Said those 3 l A had paid Intel to Bake in Back Doors

Time for me to go i can feel something dripping down my neck

hat · Mar 28, 2018

windwhirl said:
I predict this whole "vulnerabilities everywhere" thing won't stop anytime soon.

At least it seems like they told Intel in advance..

Sure seems to be the trend doesn't it... I guess we can no longer trust win xp on an unprotected network anymore... :laugh:

Fatalfury · Mar 28, 2018

An Another day... an another security vulnerability/ hack / data breach/ data exploits....

its just a normal day guyz... people will forget in 1 or 2 days..until the next major security breach comes in..

its a normal businees day for intel/AMD/facebook/yahoo etc...
people will still buy them & use them....no matter what..for there's nothing a normal consumer can do...
end of the story

mcraygsx · Mar 28, 2018

Fatalfury said:
An Another day... an another security vulnerability/ hack / data breach/ data exploits....

its just a normal day guyz... people will forget in 1 or 2 days..until the next major security breach comes in..

its a normal businees day for intel/AMD/facebook/yahoo etc...
people will still buy them & use them....no matter what..for there's nothing a normal consumer can do...
end of the story

"You don't need administrative privileges to run the exploit, it can be run from the user-space."

the54thvoid · Mar 28, 2018

This announcement so clearly demonstrates the very bad PR extravaganza that was CTS-Labs. This has no inflammatory statements, it is not derogatory and it does not make predictions of gloom and doom. This is how these things are meant to be released, as far as we can see, and also, more importanly, how news outlets should cover them.

As far as this breach, I assume it means you can read the cached RAM data remotely? Not as dangerous as a BIOS infected system but as it does not require admin rights, possibly far more likely to happen.

ikeke · Mar 28, 2018

This looks bad. In essence , because intel has made its branch prediction logic so good (the reason Intel CPUs are as good as they are at what they do) , it knows too much and tells anyone (on the same host) who knows how to ask everything.

We demonstrate BranchScope on three recent Intel x86_64
processors — Sandy Bridge, Haswell and Skylake. To perform
BranchScope, the attacker does not need to reverse-engineer
the details of the branch predictor operation, and only needs
to perform simple manipulations with the prediction state
machines from the user space. We also demonstrate how
BranchScope can be extended to attack SGX enclaves even if
recently-proposed protections are implemented. We show
that BranchScope can be performed across hyperthreaded
cores, advancing previously demonstrated BTB-based attacks
which leaked information only between processes scheduled
on the same virtual core [21].

ShurikN · Mar 28, 2018

Easo · Mar 28, 2018

How much performance loss this time? :/

ikeke · Mar 28, 2018

Any "fixes" on branch predictor logic come with performance cost.

Couple percent up to double digits on edge cases.

Deleted member 50521 · Mar 28, 2018

Wait a minute. No green screened video? No flashy "XXX Flaws" websites? No "CPU Companies should file chapter 11"? What is wrong with this?

Oh wait, this is from actual security researcher, not some attention whore.

Readlight · Mar 28, 2018

Is that mean Sandy Bridge needs to run in offline (no internet) mode.

TheDeeGee · Mar 28, 2018

So at the end with all 139875945 patches applied our CPUs will perform like a Pentium 3.

PowerPC · Mar 28, 2018

The only lesson from this is: never trust your personal data to any computer that is even remotely online. Have a separate PC at home without any access to the internet. Probably until the end of time, this is the only truth about data security. Only way you can stop reading these news and sleep tight.

R-T-B · Mar 29, 2018

PowerPC said:
The only lesson from this is: never trust your personal data to any computer that is even remotely online.

That's extreme.

I've always been more partial to the philosophy of "make your data harder to access than it's worth"

That can be acomplished, even today.

KarymidoN · Mar 29, 2018

So this guys actually sent an advanced warning to Intel? No Intelflaws.com? hmmm :laugh:

Jokes aside, what a good reading on their paper, really a professional work on finding a explaining the Vulnerability.

System Name	RBMK-1000
Processor	AMD Ryzen 7 5700G
Motherboard	Gigabyte B550 AORUS Elite V2
Cooling	DeepCool Gammax L240 V2
Memory	2x 16GB DDR4-3200
Video Card(s)	Galax RTX 4070 Ti EX
Storage	Samsung 990 1TB
Display(s)	BenQ 1440p 60 Hz 27-inch
Case	Corsair Carbide 100R
Audio Device(s)	ASUS SupremeFX S1220A
Power Supply	Cooler Master MWE Gold 650W
Mouse	ASUS ROG Strix Impact
Keyboard	Gamdias Hermes E2
Software	Windows 11 Pro

System Name	Good enough
Processor	AMD Ryzen R9 7900 - Alphacool Eisblock XPX Aurora Edge
Motherboard	ASRock B650 Pro RS
Cooling	2x 360mm NexXxoS ST30 X-Flow, 1x 360mm NexXxoS ST30, 1x 240mm NexXxoS ST30
Memory	32GB - FURY Beast RGB 5600 Mhz
Video Card(s)	Sapphire RX 7900 XT - Alphacool Eisblock Aurora
Storage	1x Kingston KC3000 1TB 1x Kingston A2000 1TB, 1x Samsung 850 EVO 250GB , 1x Samsung 860 EVO 500GB
Display(s)	LG UltraGear 32GN650-B + 4K Samsung TV
Case	Phanteks NV7
Power Supply	GPS-750C

System Name	System V
Processor	AMD Ryzen 7 9700X
Motherboard	ASRock X670E Pro Rs
Cooling	Deepcool AK620 // a bunch of 120 mm Xigmatek 1500 RPM fans (2 ins, 3 outs)
Memory	2x16GB Kingston 6400MT CL32
Video Card(s)	Gigabyte AORUS Radeon RX 580 8 GB
Storage	SHFS37A240G / DT01ACA200 / ST10000VN0008 / ST8000VN004 / SA400S37960G / SNV21000G / NM620 2TB
Display(s)	LG 22MP55 IPS Display
Case	NZXT Source 210
Audio Device(s)	Logitech G430 Headset
Power Supply	XPG Core Reactor 750 W
Software	Whatever build of Windows 11 is being served in Canary channel at the time.

System Name	[H]arbringer
Processor	4x 61XX ES @3.5Ghz (48cores)
Motherboard	SM GL
Cooling	3x xspc rx360, rx240, 4x DT G34 snipers, D5 pump.
Memory	16x gskill DDR3 1600 cas6 2gb
Video Card(s)	blah bigadv folder no gfx needed
Storage	32GB Sammy SSD
Display(s)	headless
Case	Xigmatek Elysium (whats left of it)
Audio Device(s)	yawn
Power Supply	Antec 1200w HCP
Software	Ubuntu 10.10
Benchmark Scores	http://valid.canardpc.com/show_oc.php?id=1780855 http://www.hwbot.org/submission/2158678 http://ww

System Name	Starlifter :: Dragonfly
Processor	i7 2600k 4.4GHz :: i5 10400
Motherboard	ASUS P8P67 Pro :: ASUS Prime H570-Plus
Cooling	Cryorig M9 :: Stock
Memory	4x4GB DDR3 2133 :: 2x8GB DDR4 2400
Video Card(s)	PNY GTX1070 :: Integrated UHD 630
Storage	Crucial MX500 1TB, 2x1TB Seagate RAID 0 :: Mushkin Enhanced 60GB SSD, 3x4TB Seagate HDD RAID5
Display(s)	Onn 165hz 1080p :: Acer 1080p
Case	Antec SOHO 1030B :: Old White Full Tower
Audio Device(s)	Creative X-Fi Titanium Fatal1ty Pro - Bose Companion 2 Series III :: None
Power Supply	FSP Hydro GE 550w :: EVGA Supernova 550
Software	Windows 10 Pro - Plex Server on Dragonfly
Benchmark Scores	>9000

New "BranchScope" Side-channel CPU Vulnerability Threatens Modern Processors

btarunr

Editor & Senior Moderator

Vya Domus

windwhirl

Patriot

dorsetknob

"YOUR RMA REQUEST IS CON-REFUSED"

hat

Enthusiast

Fatalfury

mcraygsx

the54thvoid

Super Intoxicated Moderator

ikeke

ShurikN

Easo

ikeke

Deleted member 50521

Guest

Readlight

TheDeeGee

PowerPC

R-T-B

KarymidoN

Processor	Intel 7700K 5.1Ghz (Intel advised me not to OC this CPU)
Motherboard	Asus Maximus IX Code
Cooling	Corsair Hydro H115i Platinum
Memory	48GB G.Skill TridentZ DDR4 3200 Dual Channel (2x16 & 2x8)
Video Card(s)	nVIDIA Titan XP (Overclocks like a champ but stock performance is enough)
Storage	Intel 760p 2280 2TB
Display(s)	MSI Optix MPG27CQ Black 27" 1ms 144hz
Case	Thermaltake View 71
Power Supply	EVGA SuperNova 1000 Platinum2
Mouse	Corsair M65 Pro (not recommded, I am on my second mouse with same defect)
Software	Windows 10 Enterprise 1803
Benchmark Scores	Yes I am Intel fanboy that is my benchmark score.

Processor	Ryzen 7800X3D
Motherboard	MSI MAG Mortar B650 (wifi)
Cooling	be quiet! Dark Rock Pro 4
Memory	32GB Kingston Fury
Video Card(s)	MSI RTX 5080 Vanguard SOC
Storage	Seagate FireCuda 530 M.2 1TB / Samsumg 960 Pro M.2 512Gb
Display(s)	LG 32" 165Hz 1440p GSYNC
Case	Asus Prime AP201
Audio Device(s)	On Board
Power Supply	be quiet! Pure POwer M12 850w Gold (ATX3.0)
Software	W10

System Name	Steamy
Processor	Ryzen 7 2700X
Motherboard	Asrock AB350M-Pro4
Cooling	Wraith Prism
Memory	2x8GB HX429C15PB3AK2/16
Video Card(s)	R9 290X WC
Storage	960Evo 500GB nvme
Case	Fractal Design Define Mini C
Power Supply	Seasonic SS-660XP2
Software	Windows 10 Pro
Benchmark Scores	http://hwbot.org/user/kinski/ http://valid.x86.fr/qfxqhj https://goo.gl/uWkw7n

Processor	Ryzen 5600
Motherboard	X570 I Aorus Pro
Cooling	Deepcool AG400
Memory	HyperX Fury 2 x 8GB 3200 CL16
Video Card(s)	RX 6700 10GB SWFT 309
Storage	SX8200 Pro 512 / NV2 512
Display(s)	24G2U
Case	NR200P
Power Supply	Ion SFX 650
Mouse	G703 (TTC Gold 60M)
Keyboard	Keychron V1 (Akko Matcha Green) / Apex m500 (Gateron milky yellow)
Software	W10

System Name	Personal \\ Work - HP EliteBook 840 G6
Processor	7700X \\ i7-8565U
Motherboard	Asrock X670E PG Lightning
Cooling	Noctua DH-15
Memory	G.SKILL Trident Z5 RGB Black 32GB 6000MHz CL36 \\ 16GB DDR4-2400
Video Card(s)	ASUS RoG Strix 1070 Ti \\ Intel UHD Graphics 620
Storage	2x KC3000 2TB, Samsung 970 EVO 512GB \\ OEM 256GB NVMe SSD
Display(s)	BenQ XL2411Z \\ FullHD + 2x HP Z24i external screens via docking station
Case	Fractal Design Define Arc Midi R2 with window
Audio Device(s)	Realtek ALC1150 with Logitech Z533
Power Supply	Corsair AX860i
Mouse	Logitech G502
Keyboard	Corsair K55 RGB PRO
Software	Windows 11 \\ Windows 10

System Name	Fujitsu Siemens, HP Workstation
Processor	Athlon x2 5000+ 3.1GHz, i5 2400
Motherboard	Asus
Memory	4GB Samsung
Video Card(s)	rx 460 4gb
Storage	750 Evo 250 +2tb
Display(s)	Asus 1680x1050 4K HDR
Audio Device(s)	Pioneer
Power Supply	430W
Mouse	Acme
Keyboard	Trust

System Name	TheDeeGee's PC
Processor	Intel Core i7-11700
Motherboard	ASRock Z590 Steel Legend
Cooling	Noctua NH-D15S
Memory	Crucial Ballistix 3200/C16 32GB
Video Card(s)	Nvidia RTX 4070 Ti 12GB
Storage	Crucial P5 Plus 2TB / Crucial P3 Plus 2TB / Crucial P3 Plus 4TB
Display(s)	EIZO CX240
Case	Lian-Li O11 Dynamic Evo XL / Noctua NF-A12x25 fans
Audio Device(s)	Creative Sound Blaster ZXR / AKG K601 Headphones
Power Supply	Seasonic PRIME Fanless TX-700
Mouse	Logitech G500S
Keyboard	Keychron Q6
Software	Windows 10 Pro 64-Bit
Benchmark Scores	None, as long as my games runs smooth.

System Name	KarymidoN TitaN
Processor	AMD Ryzen 7 5700X
Motherboard	ASUS TUF X570
Cooling	Custom Watercooling Loop
Memory	2x Kingston FURY RGB 16gb @ 3200mhz 18-20-20-39
Video Card(s)	MSI GTX 1070 GAMING X 8GB
Storage	Kingston NV2 1TB\| 4TB HDD
Display(s)	4X 1080P LG Monitors
Case	Aigo Darkflash DLX 4000 MESH
Power Supply	Corsair TX 600
Mouse	Logitech G300S

System Name	Pioneer
Processor	Ryzen 9 9950X
Motherboard	MSI MAG X670E Tomahawk Wifi
Cooling	Noctua NH-D15 + A whole lotta Sunon, Phanteks and Corsair Maglev blower fans...
Memory	128GB (4x 32GB) G.Skill Flare X5 @ DDR5-4200(Running 1:1:1 w/FCLK)
Video Card(s)	XFX RX 7900 XTX Speedster Merc 310
Storage	Intel 5800X Optane 800GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs, 1x 2TB Seagate Exos 3.5"
Display(s)	55" LG 55" B9 OLED 4K Display
Case	Thermaltake Core X31
Audio Device(s)	TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply	FSP Hydro Ti Pro 850W
Mouse	Logitech G305 Lightspeed Wireless
Keyboard	WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software	Gentoo Linux x64, other office machines run Windows 11 Enterprise