[Info] A new Spectre vulnerability was published yesterday

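Original poster: ejsizmmy (pigChu)   2022-03-09 12:58:16
News source:
https://www.tomshardware.com/news/intel-alder-lake-arm-cpus-affected-by-new-spectre-vulnerability
Short URL: https://bit.ly/3hOskDS
A new Spectre vulnerability was published yesterday.
It belongs to the Spectre-V2 class and mainly affects Intel and Arm CPU systems.
Intel is affected from Haswell through Alder Lake,
and a new software update will be released to fix the problem.
On the Arm side, Cortex A15, A57, A72 and Neoverse V1, N1, and N2 are affected.
See Intel's CVE-2022-0001 and CVE-2022-0002
and Arm's CVE-2022-23960 for details of the vulnerability and its fixes.
Vulnerability demo: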
https://twitter.com/vu5ec/status/1501256481097883648
https://youtu.be/537HUwV36ME
The original text follows:
VUSec security research group and Intel on Tuesday disclosed yet another Spectre-class speculative execution vulnerability called branch history injection (BHI). The new exploit affects all of Intel's processors released in recent years, including the latest Alder Lake CPUs, and select Arm cores. By contrast, AMD's chips are believed to be unaffected.
BHI is a proof-of-concept attack that affects CPUs already vulnerable to Spectre V2 exploits, but with all kinds of mitigations already in place. The new exploit bypasses Intel's eIBRS and Arm's CSV2 mitigations, reports Phoronix. BHI re-enables cross-privilege Spectre-v2 exploits, allows kernel-to-kernel (so-called intra-mode BTI) exploits, and allows perpetrators to inject predictor entries into the global branch prediction history to make the kernel leak data, reports VUSec. As a result, arbitrary kernel memory on select CPUs can be leaked and potentially reveal confidential information, including passwords. An example of how such a leak can happen was published here.
I won't attach the image, since there is a video.
All of Intel's processors beginning with Haswell (launched in 2013) and extending to the latest Ice Lake-SP and Alder Lake are affected by the vulnerability, but Intel is about to release a software patch that will mitigate the issue.
Numerous cores from Arm, including Cortex A15, A57, A72 as well as Neoverse V1, N1, and N2 are also affected. Arm is expected to release software mitigations for its cores. What is unclear is whether custom versions of these cores (e.g., select cores from Qualcomm) are also affected and when the potential security holes will be covered.
Since this is a proof-of-concept vulnerability and it is being mitigated by Intel and Arm, it should not be able to be used to attack a client or server machine — as long as all the latest patches are installed. There's no indication how much the mitigations will impact performance.
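
Added example, not part of the original post or the quoted article: one way to check whether a Linux host reports a BHI mitigation, by classifying the kernel's Spectre v2 status line. The sysfs path and the Linux focus are assumptions (the post names no operating system), and the sample status lines are constructed, modeled on the kernel's reporting format.

```python
import re
from pathlib import Path

# Assumption: a Linux host, where the kernel exposes Spectre v2 status in sysfs.
SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/spectre_v2")

# Constructed sample lines, modeled on the kernel's status format.
SAMPLES = [
    "Mitigation: Enhanced IBRS, IBPB: conditional, RSB filling",
    "Vulnerable: eIBRS with unprivileged eBPF",
    "Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; BHI: BHI_DIS_S",
    "Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; BHI: Vulnerable",
    "Not affected",
]

def assess(status):
    """Return (verdict, bhi_field) for one spectre_v2 status line."""
    line = status.strip()
    # Fields are separated by ',' or ';' depending on kernel version.
    fields = [f.strip() for f in re.split(r"[;,]", line)]
    bhi = next((f[4:].strip() for f in fields if f.startswith("BHI:")), None)
    if line.startswith("Not affected"):
        return "not-affected", bhi
    if line.startswith("Vulnerable"):
        # Covers the eIBRS plus unprivileged eBPF case.
        return "vulnerable", bhi
    if bhi is None:
        # eIBRS alone is what BHI bypasses, and this line says nothing about BHI:
        # treat it as unknown rather than as patched.
        return "bhi-unreported", bhi
    if bhi.startswith("Vulnerable"):
        return "bhi-vulnerable", bhi
    if bhi.startswith("Not affected"):
        return "not-affected", bhi
    return "bhi-mitigated", bhi

def read_host_status(path=SYSFS):
    """Read the live status line, or None when the file is absent."""
    try:
        return path.read_text()
    except OSError:
        return None

if __name__ == "__main__":
    live = read_host_status()
    for line in ([live] if live else SAMPLES):
        print(assess(line), "<-", line.strip())
```

A "bhi-unreported" verdict means the running kernel predates BHI reporting or omits the field, so the patch level has to be confirmed from the kernel version and vendor advisory instead.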
