Intel Alder Lake and Later Models Affected by Indirector Branch Predictor Vulnerability

Quick Report

Researchers from the University of California, San Diego have discovered a new vulnerability in Intel processors, called Indirector, which exposes weaknesses in the Indirect Branch Predictor (IBP) and Branch Target Buffer (BTB) and allows attackers to run precise Branch Target Injection (BTI) attacks. This vulnerability affects Intel processors from the Alder Lake generation onward, including Raptor Lake, Arrow Lake, and Lunar Lake.

The paper details the inner workings of Intel's hardware defenses, such as IBPB, IBRS, and STIBP, including previously unknown gaps in their coverage. The researchers also provide a proof-of-concept exploit that bypasses all of these defenses, allowing an attacker to run arbitrary code on a victim's machine.

The PoC exploit allows attackers to breach security boundaries in diverse scenarios, including cross-process and cross-privilege attacks. It uses the BTB and IBP to break Address Space Layout Randomization (ASLR).

The microcode fixes could have severe performance implications, costing up to 50% of performance in some cases. Intel has released microcode updates to mitigate the vulnerability and asks vendors to use existing software techniques to mitigate it, referring them to its mitigation guidance: the BHI document and the IBRS mitigation guide.
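A defender-side check that follows from the mitigation guidance above, added here as an example and not code from the researchers or from Intel: it parses the Linux kernel's spectre_v2 status string and the CPU flags line to report which of IBRS, IBPB and STIBP the CPU advertises but the kernel is not enforcing. The sample inputs are constructed; on a live Linux host, read_live_inputs supplies the real values.

```python
import re

# Constructed sample inputs so the check runs offline. On a real Linux host the
# values come from /sys/devices/system/cpu/vulnerabilities/spectre_v2 and the
# "flags" line of /proc/cpuinfo (see read_live_inputs below).
SAMPLE_SPECTRE_V2 = ("Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; "
                     "RSB filling; PBRSB-eIBRS: SW sequence; BHI: BHI_DIS_S")
SAMPLE_FLAGS = "fpu vme de pse ibrs ibpb stibp ibrs_enhanced flush_l1d"


def parse_spectre_v2(status: str) -> dict:
    """Extract which hardware controls the kernel reports as in force."""
    s = status.strip()
    return {
        "mitigated": s.startswith("Mitigation:"),
        "ibrs": bool(re.search(r"\bIBRS\b", s)),          # classic or enhanced IBRS
        "eibrs": "Enhanced" in s and "IBRS" in s,
        "ibpb": bool(re.search(r"IBPB:\s*(conditional|always-on)", s)),
        "stibp": bool(re.search(r"STIBP:\s*(conditional|forced|always-on)", s)),
        "bhi": bool(re.search(r"BHI:\s*(?!Vulnerable)\S", s)),
    }


def assess(status: str, cpu_flags: str) -> dict:
    """Compare what the CPU advertises (cpuinfo flags) with what is active."""
    flags = set(cpu_flags.split())
    supported = {c for c in ("ibrs", "ibpb", "stibp") if c in flags}
    if "ibrs_enhanced" in flags:
        supported.add("eibrs")
    active = parse_spectre_v2(status)
    # A control the CPU supports but the kernel does not apply is a gap to review.
    gaps = sorted(c for c in supported if not active[c])
    return {"supported": sorted(supported), "active": active, "gaps": gaps}


def read_live_inputs() -> tuple:
    """Read the real sysfs/procfs values; Linux only."""
    status = open("/sys/devices/system/cpu/vulnerabilities/spectre_v2").read()
    flags = ""
    for line in open("/proc/cpuinfo"):
        if line.startswith("flags"):
            flags = line.split(":", 1)[1]
            break
    return status, flags


if __name__ == "__main__":
    print(assess(SAMPLE_SPECTRE_V2, SAMPLE_FLAGS))
```

Whether a reported gap matters depends on the workload (STIBP, for example, is often left conditional on purpose), so treat the output as a triage list rather than a verdict.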

Source(s)

  • Indirector Vulnerability
  • TPU Article
  • Tom's Hardware Report