Phantom Speculation and Training in Transient Execution are two newly identified techniques that can leak arbitrary information from all modern CPUs.
A new technique called “Inception” has emerged from the combination of these methods.
Phantom Speculation can be used to trigger a misprediction without any branch at the source of the misprediction, whereas Training in Transient Execution can be used to manipulate future mispredictions through past mispredictions that the attacker has triggered.
Inception is a novel transient execution attack that leaks arbitrary information on all AMD Zen CPUs in the presence of all software and hardware mitigations.
The name Inception refers to an idea placed in the CPU while it is in a state of “dreaming”, which results in wrong actions based on previous activities and predictions.
Inception also hijacks the transient control flow of return instructions.
Instead of leaking the data in the transient windows, this attack abuses the transient window for inserting new predictions into the branch predictor, making the future transient windows more powerful.
These attacks require specific gadgets in the victim code.
This technique enables an attacker to create a transient window at arbitrary instructions that are followed by an XOR instruction, which makes the window behave like a call instruction.
A complete report has been published by Comsec, which provides detailed information on the technique, method, combination, mitigation, and resources of Inception.
This technique will be presented at the 32nd USENIX Security Symposium this year.
A research paper was also published, along with a GitHub repository that contains the source code of Inception. The Phantom source code is said to be submitted later.