Sunday, 22 March 2026

Black Hat USA 2025 | Racing for Privilege

Racing for Privilege: Leaking Privileged Memory From Any Intel System Using a Microarchitectural Race Condition

Enhanced Indirect Branch Restricted Speculation (eIBRS) is Intel's primary defense against Branch Target Injection-style (BTI) Spectre attacks. eIBRS prevents misuse of untrusted branch target predictions in higher privilege domains (i.e., kernel/hypervisor mode) by restricting predictions from privilege domains other than the one they were created for. Since its inception in late 2018, eIBRS remains the best-suited BTI defense that all major operating systems and hypervisors rely on, and it has so far successfully prevented attackers from injecting arbitrary branch target predictions across privilege boundaries. However, our research finds that microarchitectural mitigations like eIBRS, much like software, are vulnerable to race conditions. Consequently, we will demonstrate an exploitation technique that allows attackers to inject branch target predictions not only into higher privilege domains, but also across prediction barriers (i.e., IBPB) meant to invalidate all such predictions. Tracing the bug back to its origin, we find that it has been present ever since eIBRS was first introduced, meaning systems have been vulnerable for over 7 years! We will demonstrate that this issue is easy to exploit by building an arbitrary privileged memory read primitive, evaluated (5.6 kB/s) on an up-to-date Ubuntu 24.04 system with all default mitigations enabled. This attack shows how easily hardware mitigations can fall apart when integrated into a complex CPU design, and it gives us a reminder of how much trust the computer industry faithfully puts into hardware vendors' security claims.

By: Sandro Rüegge | Security Researcher, ETH Zürich
Johannes Wikner | CPU Therapist, PhD, ETH Zurich

Presentation Materials Available at: https://ift.tt/0UQ7idh
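As an added example (not part of the talk or the authors' materials), the following Python script parses the Linux kernel's `spectre_v2` mitigation status line, which reports the eIBRS and IBPB settings the abstract refers to, so an administrator can record what a host such as the Ubuntu 24.04 system mentioned above claims to have enabled. The sample lines are constructed in the kernel's output format, and the abstract does not state that any reported setting closes the bug it describes.

```python
import re
from pathlib import Path

SPECTRE_V2_PATH = Path("/sys/devices/system/cpu/vulnerabilities/spectre_v2")

def parse_spectre_v2(status: str) -> dict:
    """Parse one Linux spectre_v2 sysfs line, e.g.
    "Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling"."""
    status = status.strip()
    result = {
        "state": None,       # "Mitigation", "Vulnerable" or "Not affected"
        "mitigation": None,  # text after "Mitigation:" up to the first ';'
        "eibrs": False,      # True when the kernel reports Enhanced (/ Automatic) IBRS
        "ibpb": None,        # reported IBPB mode, e.g. "conditional"
        "extras": [],        # remaining ';'-separated fields, verbatim
    }
    for plain in ("Not affected", "Vulnerable"):
        if status.startswith(plain):
            result["state"] = plain
            return result
    m = re.match(r"Mitigation:\s*([^;]+)(.*)", status)
    if not m:
        return result  # empty or unrecognised text: nothing to report
    result["state"] = "Mitigation"
    result["mitigation"] = m.group(1).strip()
    result["eibrs"] = "Enhanced" in result["mitigation"]
    for field in m.group(2).split(";"):
        field = field.strip()
        ibpb = re.match(r"IBPB:\s*(.+)", field)
        if ibpb:
            result["ibpb"] = ibpb.group(1).strip()
        elif field:
            result["extras"].append(field)
    return result

def read_spectre_v2(path: Path = SPECTRE_V2_PATH) -> dict:
    """Parse the live sysfs file; an unreadable file yields state None."""
    try:
        return parse_spectre_v2(path.read_text())
    except OSError:
        return parse_spectre_v2("")

# Constructed sample lines in the kernel's format (not captured from a real host).
SAMPLE_EIBRS = ("Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; "
                "RSB filling; PBRSB-eIBRS: SW sequence; BHI: SW loop, KVM: SW loop")
SAMPLE_RETPOLINE = "Mitigation: Retpolines; IBPB: conditional; STIBP: disabled; RSB filling"

if __name__ == "__main__":
    print(parse_spectre_v2(SAMPLE_EIBRS))
    print(read_spectre_v2())
```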

source https://www.youtube.com/watch?v=ULXuhxj-WgA
