Spectre abuses a feature common to all out-of-order processors: speculative execution. When the code reaches a conditional branch, the processor does not wait for the condition to be resolved. It predicts the outcome and keeps executing down the predicted path. If the prediction turns out to be wrong, the results of that path are discarded and execution resumes from the correct branch.
It was discovered that an attacker can steer this mechanism so that the processor speculatively runs code it should never have reached, code that is in effect "illegal" for the current context. Although the architectural results are discarded, the work leaves traces in the cache that can be measured afterwards. This side channel compromised processors from Intel and AMD alike, and its discoverers named it Spectre.
New Spectre vulnerabilities in Intel and AMD
Thanks to their study of the micro-op cache in several Intel and AMD x86 processors, researchers at the University of Virginia and the University of California, San Diego, have discovered three new Spectre-style vulnerabilities in these processors, which the Spectre mitigations introduced a few years ago do not close. The solution? The obvious fixes involve drastically reducing the performance of the processors.
The micro-op cache has been part of Intel processors since 2011 and of AMD processors since 2017. The processor's front end decodes CISC x86 instructions into simpler micro-operations; the micro-op cache stores those decoded micro-ops so that code which runs again can be fed to the execution units without going through the decoders a second time. It is research on this part of Intel and AMD processors that exposed these vulnerabilities.
The researchers found that the micro-op cache could be exploited through two kinds of code layout, which they named tigers and zebras.
- Tigers can dislodge a given region of code from the micro-op cache by mimicking its structure and occupying the same slots (the same cache sets) that it would use.
- Zebras owe their name to the fact that they hide in the slots not occupied by other code, filling the cache around a region without evicting it.
Combining the two gives an attacker control over what is resident in the micro-op cache, and measuring which fetches hit or miss then leaks information about what other code has executed. Doing this successfully requires detailed knowledge of each microarchitecture, which very few people have.
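A software model of the two layouts described above, added here as an example and not taken from the article or from the researchers' own code. It simulates a small set-associative micro-op cache with LRU replacement and shows why a "tiger" (blocks that alias into the target's set) evicts the target once it fills every way, while a "zebra" (blocks spread over the other sets) can fill the rest of the cache without touching it. The geometry (32 sets, 8 ways, 32-byte instruction windows indexed by the address bits above the window offset) and the addresses are assumptions made for the model, not a verified description of any particular Intel or AMD part.

```c
#include <stdint.h>
#include <string.h>

/* Added example: a model, not real hardware. Geometry is an ASSUMPTION. */
#define UOP_SETS   32
#define UOP_WAYS   8
#define UOP_WINDOW 32                  /* bytes of x86 code per cached line */

struct uop_cache {
    uint64_t tag[UOP_SETS][UOP_WAYS];  /* window-aligned address held by each way */
    unsigned lru[UOP_SETS][UOP_WAYS];  /* 0 = empty; larger = more recently used */
    unsigned clock;
};

static void uop_cache_reset(struct uop_cache *c) { memset(c, 0, sizeof *c); }

/* The set is selected by the window number: address bits above the
 * 32-byte window offset, modulo the number of sets (assumed mapping). */
unsigned uop_set_index(uint64_t addr) {
    return (unsigned)((addr / UOP_WINDOW) % UOP_SETS);
}

/* Simulate fetching the window that contains addr. Returns 1 on a hit
 * (micro-ops served from the cache) or 0 on a miss (decoders must run).
 * On a miss the least recently used way of the set is replaced. */
int uop_cache_fetch(struct uop_cache *c, uint64_t addr) {
    uint64_t win = addr - addr % UOP_WINDOW;
    unsigned s = uop_set_index(win);
    c->clock++;
    for (unsigned w = 0; w < UOP_WAYS; w++) {
        if (c->lru[s][w] != 0 && c->tag[s][w] == win) {
            c->lru[s][w] = c->clock;
            return 1;
        }
    }
    unsigned victim = 0;
    for (unsigned w = 1; w < UOP_WAYS; w++)
        if (c->lru[s][w] < c->lru[s][victim]) victim = w;
    c->tag[s][victim] = win;
    c->lru[s][victim] = c->clock;
    return 0;
}

/* Tiger: the k-th block is placed a whole cache "stride" (sets * window)
 * further on, so every block lands in the same set as the target window.
 * Executing WAYS such blocks occupies all the ways and pushes the target out. */
uint64_t tiger_block(uint64_t target, unsigned k) {
    uint64_t base = target - target % UOP_WINDOW;
    return base + (uint64_t)k * UOP_SETS * UOP_WINDOW;
}

/* Zebra: the k-th block is placed in one of the 31 other sets, cycling
 * through them, so the zebra never aliases with the target's set. */
uint64_t zebra_block(uint64_t target, unsigned k) {
    uint64_t base = target - target % UOP_WINDOW;
    return base + (uint64_t)((k % (UOP_SETS - 1)) + 1) * UOP_WINDOW;
}

/* Prime the target, execute n tiger blocks, then report whether the target
 * still hits (1) or has been evicted (0). */
int target_survives_tiger(uint64_t target, unsigned n) {
    struct uop_cache c;
    uop_cache_reset(&c);
    uop_cache_fetch(&c, target);
    for (unsigned k = 1; k <= n; k++)
        uop_cache_fetch(&c, tiger_block(target, k));
    return uop_cache_fetch(&c, target);
}

/* Same experiment with n zebra blocks: the target should always survive. */
int target_survives_zebra(uint64_t target, unsigned n) {
    struct uop_cache c;
    uop_cache_reset(&c);
    uop_cache_fetch(&c, target);
    for (unsigned k = 0; k < n; k++)
        uop_cache_fetch(&c, zebra_block(target, k));
    return uop_cache_fetch(&c, target);
}
```

In the model, seven tiger blocks leave the target resident and the eighth evicts it; that threshold is exactly the associativity, which is why an attacker needs the real part's geometry before a tiger works. On hardware the hit or miss would be read out as a timing difference on the target fetch rather than as a return value.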
Are these dangerous vulnerabilities?
The same researchers concluded that these vulnerabilities are very difficult to exploit. For this reason, a microcode update of the kind issued for the original Spectre would not be justified. It should be kept in mind that the control units of today's processors are themselves driven by microcode, which can be updated via firmware.
Those earlier firmware updates changed the way the decoding step of the instruction cycle is handled for some instructions, and reduced the performance of the affected CPUs in the process.
The existence of this vulnerability is forcing engineers at Intel and AMD to think about new ways of mitigating the problem in future designs. Given that several years pass between the conception of a new CPU and its launch on the market, a fix at the hardware level, as opposed to a firmware update, will certainly not appear even in AMD's Zen 4 processors or Intel's Alder Lake.