Intel denies new SpectreRSB attacks bypass current protections


Researchers at the University of California have presented new Spectre-like attacks called SpectreRSB. According to the researchers, existing countermeasures do not stop them. Intel disputes that and says no new measures are needed.

In their recent paper, the four authors write, “None of the known countermeasures such as Retpoline and Intel microcode are able to stop all SpectreRSB attacks.” As the name indicates, these are Spectre-like techniques that make it possible to read sensitive information. Instead of targeting the CPU's branch predictor, the variants discovered by the researchers target the so-called return stack buffer (RSB), which, according to the authors, predicts return addresses. The researchers present six different variants of SpectreRSB.

Figure: overview of attack variants and countermeasures, from the paper.

In a response to The Register, Intel says it believes that “SpectreRSB is related to branch target injection” and that it expects existing measures to work against the new variants as well. Intel is referring to the second variant of the Spectre attack, which was made public at the beginning of this year. Intel says it has already published guidelines for developers in a white paper. The researchers tested their attacks on Intel processors of the Skylake and Haswell generations and attacked SGX enclaves. While they only tested Intel systems, they also shared their findings with ARM and AMD, as those vendors reportedly use return stack buffers as well.

The researchers’ findings come on top of previous discoveries of Spectre-like attacks, the number of which continues to rise steadily. Tweaker Squee recently mapped out all the different variants, which are also listed in the table below.

| Variant | Description | CVE |
|---|---|---|
| Spectre variant 1 | Bounds check bypass | CVE-2017-5753 |
| Spectre variant 1.1 | Bounds check bypass on stores | CVE-2018-3693 |
| Spectre variant 1.2 | Read only store | |
| Spectre variant 2 | Branch target injection | CVE-2017-5715 |
| Meltdown (variant 3) | Rogue data cache load | CVE-2017-5754 |
| Spectre variant 3a | Rogue system register read | CVE-2018-3640 |
| Spectre variant 4 | Speculative store bypass | CVE-2018-3639 |
| Lazy FP restore | | CVE-2018-3665 |
| SpectreRSB | | |