Exploiting Inaccurate Branch History in Side-Channel Attacks
Yuhui Zhu, Alessandro Biondi

TL;DR
This paper shows that shared, insufficiently isolated branch prediction resources in modern CPUs enable new side-channel and Spectre attacks that leak sensitive data, including kernel memory, across privilege boundaries.
Contribution
It shows how two widely implemented but underdocumented BPU features, Bias-Free Branch Prediction and Branch History Speculation, can be exploited for cross-privilege attacks, and introduces three attack primitives backed by practical demonstrations.
Findings
Identified new attack primitives: Spectre-BSE, Spectre-BHS, BiasScope.
Demonstrated exploitation on multiple processors.
Achieved kernel memory leakage at 24,628 bits/sec.
Abstract
Modern out-of-order CPUs heavily rely on speculative execution for performance optimization, with branch prediction serving as a cornerstone to minimize stalls and maximize efficiency. Whenever shared branch prediction resources lack proper isolation and sanitization methods, they may originate security vulnerabilities that expose sensitive data across different software contexts. This paper examines the fundamental components of modern Branch Prediction Units (BPUs) and investigates how resource sharing and contention affect two widely implemented but underdocumented features: Bias-Free Branch Prediction and Branch History Speculation. Our analysis demonstrates that these BPU features, while designed to enhance speculative execution efficiency through more accurate branch histories, can also introduce significant security risks. We show that these features can inadvertently modify…
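The paper's attacks target the kernel from less privileged code, so the first question a practitioner asks is what speculative-execution mitigation state the running kernel reports. The script below is an added example and not code from the paper; it reads the sysfs interface that Linux exposes under /sys/devices/system/cpu/vulnerabilities/ (one file per known issue, each holding a line that starts with "Not affected", "Mitigation:", "Vulnerable" or "Unknown") and summarises it. The directory is a parameter so the functions can also run against a constructed sample directory offline; the sample file contents are constructed for the example, in the formats real kernels emit. Note that these entries describe the kernel's mitigations for previously known variants; whether those mitigations cover the primitives introduced in this paper is not something this page states.

```shell
#!/bin/sh
# Added example: summarise Linux's reported speculative-execution mitigation
# state. Entry names and line formats follow the real sysfs interface; the
# sample directory built by make_sample is constructed for this example.

# spec_status DIR NAME -> prints: not-affected | mitigated | vulnerable | unknown
spec_status() {
    f="$1/$2"
    if [ ! -r "$f" ]; then
        echo unknown
        return 0
    fi
    line=$(cat "$f")
    case "$line" in
        "Not affected"*) echo not-affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;   # matches "Vulnerable" and "Vulnerable: ..."
        *)               echo unknown ;;      # e.g. "Unknown: Dependent on hypervisor status"
    esac
}

# spec_report DIR -> prints "name status raw-line" for each entry.
# Returns 1 if any entry reports Vulnerable, 0 otherwise.
spec_report() {
    dir="$1"
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        st=$(spec_status "$dir" "$name")
        if [ "$st" = vulnerable ]; then
            rc=1
        fi
        printf '%-24s %-12s %s\n' "$name" "$st" "$(cat "$f")"
    done
    return $rc
}

# make_sample -> prints the path of a constructed directory that mimics
# /sys/devices/system/cpu/vulnerabilities/ (sample contents, not a real host).
make_sample() {
    d=$(mktemp -d)
    printf 'Mitigation: usercopy/swapgs barriers and __user pointer sanitization\n' > "$d/spectre_v1"
    printf 'Vulnerable: eIBRS with unprivileged eBPF\n' > "$d/spectre_v2"
    printf 'Not affected\n' > "$d/meltdown"
    printf 'Mitigation: Clear CPU buffers; SMT vulnerable\n' > "$d/mds"
    echo "$d"
}

# Usage: report on the live kernel when the interface exists, else on the sample.
if [ -d /sys/devices/system/cpu/vulnerabilities ]; then
    spec_report /sys/devices/system/cpu/vulnerabilities || echo "at least one entry reports Vulnerable"
else
    spec_report "$(make_sample)" || echo "at least one entry reports Vulnerable"
fi
```

The non-zero return from spec_report makes the script usable as a fleet check (for example from a configuration-management run), while the raw line is printed alongside the classification because the detail after "Mitigation:" or "Vulnerable:" is often what matters, such as whether SMT is left enabled or unprivileged eBPF is allowed.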
Taxonomy
Topics: Security and Verification in Computing · Cryptographic Implementations and Security · Advanced Malware Detection Techniques
