Researchers release new bypass vulnerability SpectreRSB
Researchers at the University of California, Riverside, have published a paper on a new Spectre vulnerability named SpectreRSB. Like the other disclosed Spectre vulnerabilities, SpectreRSB takes advantage of speculative execution, a feature that all modern CPUs include to improve performance by computing operations in advance and discarding the results that are not needed.
Unlike other Spectre vulnerabilities, SpectreRSB leverages the Return Stack Buffer (RSB) to recover data from speculative execution. The researchers say they used SpectreRSB to retrieve data from other processes and even to trick the RSB into revealing the secrets of SGX. The attack applies to Intel, AMD, and ARM processors.
“SpectreRSB is related to Branch Target Injection (CVE-2017-5715), and we expect that the exploits described in this paper are mitigated in the same manner. We have already published guidance for developers in the whitepaper, Speculative Execution Side Channel Mitigations. We are thankful for the ongoing work of the research community as we collectively work to help protect customers.”