PSIRT Advisory

BranchScope: New CPU Side-Channel Attack

Summary

A new side-channel attack that takes advantage of the speculative execution feature of modern processors to recover data from targeted users' CPUs has been disclosed (http://www.cs.ucr.edu/~nael/pubs/asplos18.pdf). It targets the "branch prediction" operations —which is the same part of a CPU speculative execution process as the one targeted by "Spectre variant 2". However, while "Spectre 2" exploits the Branch Target Buffer (BTB), BranchScope exploits the Directional Branch Predictor (DBP).

Impact

Information Disclosure, Privilege Escalation