Researchers reveal Variant 4 of Spectre vulnerability

Published by


As discussed a few weeks ago, a new Spectre vulnerability has been shared and made public today. Earlier on it was reported that there are eight new vulnerabilities, grouped and named as Spectre-ng, of which four are critical. Today the Store Bypass (SSB) vulnerability has been published and effects Intel, AMD and ARM.

Researchers from Microsoft and Googles Project Zero now published information about one of the vulnerabilities, the so-called fourth variant Spectre vulnerability, which can cause security issues. A new subclass of speculative execution side channel vulnerabilities known as Speculative Store Bypass (SSB) has been announced and assigned CVE-2018-3639. Variant 4 uses speculative execution, a feature common to most modern processor architectures, to potentially expose certain kinds of data through a side channel. An attacker who has successfully exploited this vulnerability may be able to read privileged data across trust boundaries. Vulnerable code patterns in the operating system (OS) or in applications could allow an attacker to exploit this vulnerability.

In the case of Just-in-Time (JIT) compilers, such as JavaScript JIT employed by modern web browsers, it may be possible for an attacker to supply JavaScript that produces native code that could give rise to an instance of speculative Store Bypass (SSB). However, Microsoft Edge, Chrome and other major browsers have taken steps to increase the difficulty of successfully creating a side channel. So with your latest Chrome, you should be fine and thus safe.

There are now four (published) variants of the Spectre vulnerability that can be used to read memory in processors that is not intended for that application, and thus can be abused.

  • Variant 1: Bounds Check Bypass - CVE-2017-5753 (Spectre 1)
  • Variant 2: Branch Target Injection - CVE-2017-5715 (Spectre 2)
  • Variant 3: Rogue Data Cache Load - CVE-2017-5754 (Meltdown)
  • Variant 3a: Rogue System Register Read - CVE-2018-3640
  • Variant 4: Speculative Store Bypass - CVE-2018-3639 (Spectre 4)
Microsoft has released an advisory on the vulnerability and mitigation plans. Microsoft is completing final testing and validation of specific updates for Windows client and server operating systems, which are expected to be released through their standard update process. Intel made microcode available to their partners, however, see a large performance impact of 2 to 8 percent. Because of this impact, Intel has decided to leave the option off by default, so that users of critical systems themselves must switch on the patch in the bios. AMD writes that it will roll out microcode and patches, but it has not indicated what impact this performance will have. Similar to Intel, it will leave the patches turned off by default, because the risk of abuse would be very small.

Arm announced that their Cortex A57, A72, A73 and A75 cpu cores are affected. A  firmware mitigates the problem with a performance impact of 1 to 2% with most workloads. In July new versions of the A72, A73 and A75 cores will be released that are resistant to variant 2, and Cortex-A75 is also made resistant to v3, also known as Meltdown.

As always, please check where you are updates and patches wise with the handy InSpectre application, download here.

More info : Microsoft , ArmAMD , Intel

Share this content
Twitter Facebook Reddit WhatsApp Email Print