As discussed a few weeks ago, a new Spectre vulnerability has been shared and made public today. Earlier on it was reported that there are eight new vulnerabilities, grouped and named as Spectre-ng, of which four are critical. Today the Store Bypass (SSB) vulnerability has been published and effects Intel, AMD and ARM.
Researchers from Microsoft and Googles Project Zero now published information about one of the vulnerabilities, the so-called fourth variant Spectre vulnerability, which can cause security issues. A new subclass of speculative execution side channel vulnerabilities known as Speculative Store Bypass (SSB) has been announced and assigned CVE-2018-3639. Variant 4 uses speculative execution, a feature common to most modern processor architectures, to potentially expose certain kinds of data through a side channel. An attacker who has successfully exploited this vulnerability may be able to read privileged data across trust boundaries. Vulnerable code patterns in the operating system (OS) or in applications could allow an attacker to exploit this vulnerability.
There are now four (published) variants of the Spectre vulnerability that can be used to read memory in processors that is not intended for that application, and thus can be abused.
- Variant 1: Bounds Check Bypass - CVE-2017-5753 (Spectre 1)
- Variant 2: Branch Target Injection - CVE-2017-5715 (Spectre 2)
- Variant 3: Rogue Data Cache Load - CVE-2017-5754 (Meltdown)
- Variant 3a: Rogue System Register Read - CVE-2018-3640
- Variant 4: Speculative Store Bypass - CVE-2018-3639 (Spectre 4)
Arm announced that their Cortex A57, A72, A73 and A75 cpu cores are affected. A firmware mitigates the problem with a performance impact of 1 to 2% with most workloads. In July new versions of the A72, A73 and A75 cores will be released that are resistant to variant 2, and Cortex-A75 is also made resistant to v3, also known as Meltdown.
As always, please check where you are updates and patches wise with the handy InSpectre application, download here.