Researchers expose three new variants of speculative execution attacks that bypass existing mitigations and leak kernel memory at high speeds. Intel, Arm, and Linux respond with microcode updates and kernel patches.
A newly disclosed set of vulnerabilities named “Training Solo” is making waves across the security and semiconductor industries. Uncovered by the VUSec group at Vrije Universiteit Amsterdam, it affects modern Intel and Arm CPUs and undermines a central assumption behind the deployed Spectre Variant 2 (Spectre-v2) mitigations: that isolating branch-predictor state between security domains (user and kernel, guest and hypervisor) is enough to stop speculative control-flow hijacking.
The researchers show instead that the predictor can be trained from inside the victim's own domain, without injecting attacker code there, so that a mispredicted indirect branch in the kernel or hypervisor still leaks memory despite those protections.
What is Training Solo?
Training Solo is a new class of self-training Spectre-v2 attacks, where both the training and the exploitation phases happen within the victim domain. Self-training attacks were traditionally thought to require attacker-controlled code inside that domain, for instance an unprivileged eBPF program loaded into the kernel, which default configurations block. VUSec shows that practical self-training is possible without such code injection, relying instead on the CPU's own prediction behaviour and on code the kernel already runs on the attacker's behalf, such as classic BPF filters.
Their paper demonstrates two end-to-end exploits that leak up to 17 KB/s of kernel memory on recent Intel CPUs.
Three Variants, Broad Exposure
The disclosure covers three distinct variants, each with its own mitigation:
- ITS (Indirect Target Selection): an Intel CPU bug affecting a wide range of processors (listed below). Requires a microcode update plus Linux kernel and KVM patches.
- A variant specific to Intel “Lion Cove” cores: a separate branch-predictor issue that needs its own mitigation mechanism.
- A cross-architecture variant: affects both Intel and Arm CPUs and needs fixes at both the firmware and the kernel level.
Affected Hardware
The following Intel processors are affected by ITS:
- Cascade Lake, Cooper Lake, Whiskey Lake V, Coffee Lake R, Comet Lake
- Ice Lake, Tiger Lake, Rocket Lake
The separate Lion Cove variant affects Lion Cove-based designs in Intel's latest Core Ultra generations.
Arm has acknowledged exposure, though specific core models are not yet public. The attack likely impacts general-purpose Arm cores found in servers, mobile SoCs and cloud environments.
Mitigations Underway
The Linux kernel has already merged the key patches. These include:
- ITS mitigation. ITS lets an attacker control the predicted target of indirect branches and returns located in the lower half of a 64-byte cacheline. Rather than touching the predictor, the kernel routes affected indirect branches through thunks aligned so that the branch sits in the upper half of a cacheline, and gives returns the same treatment. The status is exported in /sys/devices/system/cpu/vulnerabilities/indirect_target_selection and the mitigation is selected with the indirect_target_selection= boot parameter.
- Protection for classic BPF (cBPF) programs, which unprivileged users can load by default (socket filters, seccomp). On return from a cBPF program the kernel clears the branch history buffer and, on CPUs that support it, executes a new instruction:
IBHF (Indirect Branch History Fence). With BHI_DIS_S enabled, IBHF guarantees that indirect branch predictions made after the fence cannot use branch history recorded before it.
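To make the ITS placement rule concrete, here is an added illustration in C; it is not code from the article, from VUSec or from the Linux kernel. It models the one fact the kernel-side mitigation relies on, that only branches in the lower 32 bytes of a 64-byte cacheline are affected, and computes where an aligned thunk slot would land. The sample addresses are constructed, and the model assumes the opcode byte of the branch is the decisive one; the kernel's real check is slightly more involved because it accounts for the branch instruction's encoding.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative model only, not code from VUSec or the Linux kernel. ITS
 * affects indirect branches and RETs whose instruction sits in the lower
 * half (bytes 0..31) of a 64-byte cacheline. The kernel-side fix does not
 * change the predictor; it relocates each affected branch into the upper
 * half of a cacheline through an aligned thunk. */

#define CACHELINE_BYTES 64ULL
#define HALF_LINE_BYTES 32ULL

/* Byte offset of an address within its cacheline. */
unsigned its_line_offset(uint64_t addr)
{
    return (unsigned)(addr & (CACHELINE_BYTES - 1));
}

/* True when an indirect branch whose opcode starts at `addr` lies in the
 * lower half of the line and therefore needs an ITS-safe thunk.
 * Assumption: the opcode byte is decisive; the real kernel check also
 * adjusts for the instruction's encoding, which is omitted here. */
bool its_needs_thunk(uint64_t addr)
{
    return (addr & HALF_LINE_BYTES) == 0;   /* address bit 5 clear */
}

/* First byte of the upper half of the first cacheline starting at or after
 * `base`: where an aligned thunk table would place its entry (the effect
 * of `.align 64` followed by `.skip 32` before the thunk body). */
uint64_t its_safe_slot(uint64_t base)
{
    uint64_t line = (base + CACHELINE_BYTES - 1) & ~(CACHELINE_BYTES - 1);
    return line + HALF_LINE_BYTES;
}

/* A thunk body (jmp *%reg, 2-3 bytes, plus int3 padding) must not spill
 * past the line: `len` bytes from `slot` have to stay in the upper half. */
bool its_slot_fits(uint64_t slot, unsigned len)
{
    unsigned off = its_line_offset(slot);
    return off >= HALF_LINE_BYTES && off + len <= CACHELINE_BYTES;
}

int main(void)
{
    /* Constructed sample addresses; not taken from a real kernel image. */
    const uint64_t samples[] = {
        0xffffffff81000000ULL,  /* offset  0: lower half, affected   */
        0xffffffff8100001fULL,  /* offset 31: last lower-half byte   */
        0xffffffff81000020ULL,  /* offset 32: upper half, unaffected */
        0xffffffff8100003fULL,  /* offset 63: upper half, unaffected */
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t a = samples[i];
        bool vuln = its_needs_thunk(a);

        printf("branch at %#llx (line offset %2u): %s",
               (unsigned long long)a, its_line_offset(a),
               vuln ? "needs thunk" : "safe as is");
        if (vuln)
            printf(", redirect via a slot such as %#llx",
                   (unsigned long long)its_safe_slot(a));
        putchar('\n');
    }
    return 0;
}
```

The point the model makes is that the mitigation is purely a code-placement decision: an affected branch is never executed from the lower half of a line, so the predictor's misbehaviour for that half is never reachable.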
Intel is coordinating firmware (microcode) rollouts for the affected CPU families, and updates are expected to be included in future Linux distributions and cloud hypervisors.
Implications for Virtualization and Cloud Security
Training Solo bears directly on virtual machine isolation and hypervisor security, and therefore on multi-tenant cloud environments: the KVM side of the ITS fix exists because the bug also reaches the guest-to-host boundary, and the end-to-end exploits leak kernel memory from an unprivileged process on an otherwise up-to-date system. Mitigations that were assumed to close the Spectre-v2 channel between domains turn out to be insufficient when the predictor can be trained in-domain.
It is particularly relevant wherever untrusted code runs: the classic BPF path is reachable by unprivileged users by default, so an attacker needs neither elevated privileges nor unprivileged eBPF, which current kernels disable by default.
A New Post-Spectre Era?
“Training Solo” is being described as one of the most significant speculative-execution disclosures since Meltdown and Spectre in 2018. While the industry has since deployed hardware and software defenses, this new family of attacks shows that speculative design flaws continue to slip past them.
Intel engineer Dave Hansen described the ITS bug as “a good old CPU bug where the behavior is obviously wrong, but subtle enough to go unnoticed for years.” The attack surfaces it exposes were previously thought to be secure.
Immediate Recommendations
For users and organizations:
- Apply all available firmware (microcode) and kernel updates as soon as possible.
- Avoid running mixed-trust workloads on shared hardware until mitigations are in place.
- Review eBPF and cBPF usage: keep unprivileged eBPF disabled (kernel.unprivileged_bpf_disabled=1) and run a kernel that carries the cBPF history-clearing changes, since classic BPF filters are usable without privileges by default.
Cloud providers and infrastructure operators should audit kernel configurations, check the per-vulnerability entries under /sys/devices/system/cpu/vulnerabilities/, isolate mixed-trust workloads, and validate that the hypervisor (KVM) mitigations are active on every host.
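The check an operator actually runs is to read the kernel's per-vulnerability status files and turn them into a verdict. The following is an added example, not code from the article, VUSec or the kernel tree: it reads the sysfs entries for ITS and Spectre v2 and classifies each line by its leading keyword. The file names and the keyword prefixes are the kernel's; the sample lines in main() are constructed to resemble the kernel's output, not captured from a machine, and a missing file is treated as "kernel too old to report", never as "safe".

```c
#include <stdio.h>
#include <string.h>

/* Added example, not from the article, VUSec or the kernel tree: read the
 * per-vulnerability status files that Linux exposes under
 * /sys/devices/system/cpu/vulnerabilities/ and reduce each to a verdict.
 * The file names are the kernel's; the sample lines in main() are
 * constructed to resemble them, not captured from a machine. */

#define SYSFS_VULN_DIR "/sys/devices/system/cpu/vulnerabilities/"

enum verdict { NOT_AFFECTED, MITIGATED, VULNERABLE, UNKNOWN };

/* Kernel status lines begin with "Not affected", "Mitigation: ..." or
 * "Vulnerable" (possibly followed by detail such as a KVM-specific note). */
enum verdict classify_status(const char *line)
{
    if (strncmp(line, "Not affected", 12) == 0) return NOT_AFFECTED;
    if (strncmp(line, "Mitigation:", 11) == 0)  return MITIGATED;
    if (strncmp(line, "Vulnerable", 10) == 0)   return VULNERABLE;
    return UNKNOWN;
}

const char *verdict_name(enum verdict v)
{
    switch (v) {
    case NOT_AFFECTED: return "not affected";
    case MITIGATED:    return "mitigated";
    case VULNERABLE:   return "VULNERABLE";
    default:           return "unrecognised";
    }
}

/* Read one status file into buf (newline stripped). Returns 0 on success,
 * -1 when the file is absent: on a kernel predating the patches that means
 * the kernel cannot report the issue, not that the CPU is safe. */
int read_status(const char *name, char *buf, size_t len)
{
    char path[sizeof SYSFS_VULN_DIR + 64];
    FILE *f;

    snprintf(path, sizeof path, SYSFS_VULN_DIR "%s", name);
    f = fopen(path, "r");
    if (!f)
        return -1;
    if (!fgets(buf, (int)len, f)) {
        fclose(f);
        return -1;
    }
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return 0;
}

int main(void)
{
    /* ITS has its own entry; the history-based (BHI/cBPF) side is reported
     * under spectre_v2. */
    const char *files[] = { "indirect_target_selection", "spectre_v2" };
    /* Constructed samples shaped like the kernel's strings. */
    const char *samples[] = {
        "Not affected",
        "Mitigation: Aligned branch/return thunks",
        "Vulnerable, KVM: Not affected",
        "Mitigation: Enhanced / Automatic IBRS; BHI: BHI_DIS_S",
    };
    char buf[256];
    size_t i;

    for (i = 0; i < sizeof files / sizeof files[0]; i++) {
        if (read_status(files[i], buf, sizeof buf) < 0)
            printf("%-28s not reported by this kernel (update it)\n", files[i]);
        else
            printf("%-28s %s  [%s]\n", files[i],
                   verdict_name(classify_status(buf)), buf);
    }

    puts("\nclassifier on constructed samples:");
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("  %-52s -> %s\n", samples[i],
               verdict_name(classify_status(samples[i])));
    return 0;
}
```

Run it on each host after the microcode and kernel updates; "Vulnerable" on indirect_target_selection means the kernel knows about ITS but is not mitigating it (for example because the microcode is missing or the mitigation was disabled on the command line), which is the case an audit should flag.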
Conclusion
Training Solo reveals once again that microarchitectural security remains a moving target. While the performance benefits of speculative execution are immense, so too are the risks. As researchers and vendors scramble to mitigate this new class of attacks, one thing is clear: security at the CPU level is far from a solved problem — and vigilance will be needed for years to come.
Sources: phoronix.com, Revista Cloud and the Linux kernel git tree.
Illustration via AI free images.