VYPR
Medium severity 4.7 · NVD Advisory · Published Dec 19, 2024 · Updated Apr 15, 2026

CVE-2024-2201

Description

A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2024-2201 is a Spectre v2 variant (Native Branch History Injection) on Intel x86 that bypasses existing mitigations to leak arbitrary kernel and cross-VM memory.

Description

CVE-2024-2201, also referred to as Native Branch History Injection (Native BHI), is a Spectre v2 variant affecting Intel x86 CPUs. It exploits branch history injection to bypass all deployed Spectre v2 mitigations, including the recent Fine(IBT) [1]. The attack, originally disclosed as Spectre-BHB in August 2022, was refined by researchers at VU Amsterdam and can now be performed entirely from userspace without requiring a managed runtime in the victim context [2][3].

Exploitation

An unprivileged attacker can trigger the vulnerability by training the CPU's branch predictor to influence speculative execution, enabling the inference of sensitive data from kernel memory or other virtual machines. The attack does not require local authentication or elevated privileges and works against the Xen hypervisor and Linux kernel environments on vulnerable Intel CPUs. Older Intel CPUs may be mitigated by existing Spectre v2 protections, but newer models require additional patches [4].

Impact

Successful exploitation allows an attacker to infer the contents of arbitrary host memory, including memory assigned to other guest operating systems, leading to severe information disclosure. This can compromise cryptographic keys, passwords, and other confidential data across privilege boundaries [2][4].

Mitigation

Xen has released security patches as part of XSA-456, with updated versions addressing initial issues in the code changes [2][3]. Intel provides guidance on branch history injection mitigation [1]. Users should apply hypervisor and kernel updates from their vendors to mitigate the risk. Systems using non-Intel CPUs are not affected [4].
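One way to confirm on a Linux host that a kernel update carrying the BHI mitigation is active, as an added example that is not part of the advisory or of any vendor tooling: it parses the `BHI:` field of the kernel's `spectre_v2` sysfs status line. The field values are the ones printed by upstream Linux kernels that carry the BHI patches and are not listed on this page; the function name `bhi_status` and the sample lines are constructed for illustration.

```python
import re
from pathlib import Path

# Standard Linux sysfs file for Spectre v2 status.
SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/spectre_v2")

# "BHI:" values printed by kernels carrying the BHI patches (upstream
# arch/x86/kernel/cpu/bugs.c); other builds may differ, so unknown text
# is reported rather than guessed at.
MITIGATED = {"BHI_DIS_S", "SW loop, KVM: SW loop", "Retpoline"}


def bhi_status(line: str) -> tuple[str, str]:
    """Return (verdict, detail) for one spectre_v2 status line."""
    match = re.search(r";\s*BHI:\s*([^;]+)", line)
    if match is None:
        # No BHI field at all: the kernel predates BHI reporting.
        return ("no-bhi-field", line.strip())
    field = match.group(1).strip()
    if field == "Not affected":
        return ("not-affected", field)
    if field in MITIGATED:
        return ("mitigated", field)
    if field.startswith("Vulnerable"):
        # Includes "Vulnerable, KVM: SW loop": only VM exits are covered.
        return ("vulnerable", field)
    return ("unrecognised", field)


# Constructed sample lines, not captured from a real host.
SAMPLES = [
    "Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling; PBRSB-eIBRS: SW sequence; BHI: BHI_DIS_S",
    "Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling; PBRSB-eIBRS: SW sequence; BHI: Vulnerable, KVM: SW loop",
    "Mitigation: Enhanced IBRS, IBPB: conditional, RSB filling",
    "Mitigation: Retpolines; IBPB: conditional; STIBP: always-on; RSB filling; PBRSB-eIBRS: Not affected; BHI: Not affected",
]

if __name__ == "__main__":
    # Read the live status on Linux; fall back to the constructed samples.
    lines = [SYSFS.read_text()] if SYSFS.exists() else SAMPLES
    for text in lines:
        verdict, detail = bhi_status(text)
        print(f"{verdict:13} {detail}")
```

A `no-bhi-field` verdict on an Intel host means the running kernel does not report BHI status at all, which is the case to follow up with a vendor kernel update.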

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

References

8