Intel’s indirect
branch tracking (IBT) is a hardware-implemented control-flow-integrity
mechanism that makes it harder for an attacker to gain control of the
system by way of a corrupted indirect branch. FineIBT is a software
extension to IBT that is meant to improve its protection. Recently,
though, Jennifer Miller reported a novel way to bypass
FineIBT by taking advantage of how the kernel’s system-call entry point is
constructed. In response, Peter Zijlstra is working on some FineIBT
enhancements to close that hole and make IBT more secure in general.