GadgetSpinner: A New Transient Execution Primitive from Loop Stream Detector

Transient execution attacks constitute a major class of attacks affecting all modern out-of-order CPUs. These attacks exploit the transient execution windows (i.e., the instructions that execute but never commit) to leak confidential information from the victims. Existing attacks either rely on branch mispredictions, incorrect memory speculations, or deferred exception handling to create transient windows. In this work, we introduce a new transient execution primitive, called GadgetSpinner. We exploit the Loop Stream Detectors (LSD) in Intel processors to perform out-of-loop-bound execution and perform illegal operations.

Our key observation is that the LSD holds on to an old copy of branch predictions from the first iteration of the loop and keeps using this copy until a branch misprediction occurs, i.e., advances beyond the loop bound. We exploit the delay between the last legal iteration of the loop and when the branch misprediction is resolved. In this paper, we analyze the transient execution of the LSD and perform end-to-end attacks to (1) perform illegal reads from protected memory regions, (2) bypass Intel SGX and extract the weights of a trained CNN model in DNNL library, and finally (3) break Kernel ASLR (KASLR). We discuss that many defenses for prior transient execution attacks, like secure Branch Prediction Unit (BPU) designs, fail to protect against GadgetSpinner.