On March 12, researchers from VUSec and IBM made a new form of speculative execution attack publicly known on Twitter, linking to a corresponding GhostRace disclosure paper hosted by VUSec. We’ll be discussing the full GhostRace disclosure document and its attached documentation in more detail below, but first, let’s take some time to clarify what a “speculative execution attack” even is.

If you remember the scourge of Meltdown and Spectre, back in 2016, this is very much in the same category of major CPU security exploits. Spectre V1 was explicitly a speculative execution attack, even. Speculative execution in and of itself isn’t a bad thing; it’s actually a core function of modern CPUs, which allows CPU threads to more effectively share resources.

Graphic from AMD's "Software Techniques for Managing Speculation in AMD Processors", used as a reference point for GhostRace and Spectre.

The issue is that speculative execution can also result in “race conditions”, where separate threads attempting to access shared resources create major security vulnerabilities by doing so in a poorly synchronized manner. This exploit is focused on taking advantage of those scenarios, so it’s appropriately named GhostRace.

Before making GhostRace public, the researchers informed major hardware vendors and the Linux kernel of the issue (in late 2023), since GhostRace applies to all major OSes and CPUs, even Arm. That notice should hopefully have given vendors the time they needed to develop their fixes and workarounds. The researchers also included some tips for mitigating the issue in the public document. An early fix attempt by the Linux kernel seemed promising, but experiments done by the researchers proved the fix didn’t completely cover the vulnerability.

Christopher Harper

For now, it seems Linux kernel devs are primarily concerned with performance, and don’t want to risk majorly crippling it with a rushed fix. We read that the proposed mitigation for Linux provided in the original documentation is tested as only having a roughly 5% performance overhead in LMBench. No patching performance penalty is ever welcome, but perhaps a patiently developed fix can do better.

No mitigations are provided in the document for other platforms. However, AMD points out that existing Spectre v1 mitigations should still apply to potential GhostRace exploits, and since vendors have already had to tackle that, it should only be a matter of time. AMD has acknowledged the issue, according to the public disclosure paper.


Christopher Harper has been a successful freelance tech writer specializing in PC hardware and gaming since 2015, and ghostwrote for various B2B clients in High School before that. Outside of work, Christopher is best known to friends and rivals as an active competitive player in various eSports (particularly fighting games and arena shooters) and a purveyor of music ranging from Jimi Hendrix to Killer Mike to the Sonic Adventure 2 soundtrack.