Spectre v4

Intel, Google, and Microsoft disclosed a new variant of the Spectre design flaw and security vulnerability that impacts millions of computers and mobile devices from a range of manufacturers.  It is called Variant 4.

Impact

CVE-2018-3639, Speculative Store Bypass (SSB), is also known as Variant 4. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.[1]

Like the other GPZ variants, Variant 4 uses speculative execution, a feature common to most modern processor architectures, to potentially expose certain kinds of data through a side channel. In this case, the researchers demonstrated Variant 4 in a language-based runtime environment.

Intel reports the new vulnerability has a "moderate" severity rating because many of the exploits that are used have already been addressed through mitigations that were first introduced by software makers and OEMs in January 2018 for Meltdown and Spectre.  However, Intel is releasing a full mitigation option that will "prevent this method from being used in other ways."

Affected Products

  • Intel® Core™ i3 processor (45nm and 32nm)
  • Intel® Core™ i5 processor (45nm and 32nm)
  • Intel® Core™ i7 processor (45nm and 32nm)
  • Intel® Core™ M processor family (45nm and 32nm)
  • 2nd generation Intel® Core™ processors
  • 3rd generation Intel® Core™ processors
  • 4th generation Intel® Core™ processors
  • 5th generation Intel® Core™ processors
  • 6th generation Intel® Core™ processors
  • 7th generation Intel® Core™ processors
  • 8th generation Intel® Core™ processors
  • Intel® Core™ X-series Processor Family for Intel® X99 platforms
  • Intel® Core™ X-series Processor Family for Intel® X299 platforms
  • Intel® Xeon® processor 3400 series
  • Intel® Xeon® processor 3600 series
  • Intel® Xeon® processor 5500 series
  • Intel® Xeon® processor 5600 series
  • Intel® Xeon® processor 6500 series
  • Intel® Xeon® processor 7500 series
  • Intel® Xeon® Processor E3 Family
  • Intel® Xeon® Processor E3 v2 Family
  • Intel® Xeon® Processor E3 v3 Family
  • Intel® Xeon® Processor E3 v4 Family
  • Intel® Xeon® Processor E3 v5 Family
  • Intel® Xeon® Processor E3 v6 Family
  • Intel® Xeon® Processor E5 Family
  • Intel® Xeon® Processor E5 v2 Family
  • Intel® Xeon® Processor E5 v3 Family
  • Intel® Xeon® Processor E5 v4 Family
  • Intel® Xeon® Processor E7 Family
  • Intel® Xeon® Processor E7 v2 Family
  • Intel® Xeon® Processor E7 v3 Family
  • Intel® Xeon® Processor E7 v4 Family
  • Intel® Xeon® Processor Scalable Family
  • Intel® Atom™ Processor C Series (C3308, C3338, C3508, C3538, C3558, C3708, C3750, C3758, C3808, C3830, C3850, C3858, C3950, C3955, C3958)
  • Intel® Atom™ Processor E Series
  • Intel® Atom™ Processor A Series
  • Intel® Atom™ Processor X Series (x5-E3930, x5-E3940, x7-E3950)
  • Intel® Atom™ Processor T Series (T5500, T5700)
  • Intel® Atom™ Processor Z Series
  • Intel® Celeron® Processor J Series (J3355, J3455, J4005, J4105)
  • Intel® Celeron® Processor N Series (N3450)
  • Intel® Pentium® Processor J Series (J4205)
  • Intel® Pentium® Processor N Series (N4000, N4100, N4200)
  • Intel® Pentium® Processor Silver Series (J5005, N5000)

AMD processors are also vulnerable to this attack. 

Red Hat has provided details on their site[2] explaining the vulnerability. A video demonstration has also been provided.

Mitigation

Most leading browser providers have recently deployed mitigations in their Managed Runtimes – mitigations that substantially increase the difficulty of exploiting side channels in a modern web browser. Intel has said that its next-generation Xeon Scalable processors and its 8th-generation Intel Core processors will feature redesigned components to protect against some Spectre and Meltdown flaws.
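To confirm whether a given Linux host and process are actually covered by the Speculative Store Bypass mitigation, the kernel's own reporting can be read and combined into one verdict. This is an added example, not code from Intel, Red Hat or this page; it assumes a kernel that includes SSB reporting (mainline 4.17 or later, or a distribution backport), and the sample strings are constructed in the kernel's output format.

```python
"""Report Speculative Store Bypass (CVE-2018-3639) mitigation state on Linux."""
from pathlib import Path
SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/spec_store_bypass")

def read(path):
    """Return file text, or None when the kernel does not expose the file."""
    try:
        return Path(path).read_text()
    except OSError:
        return None

def field(text, key):
    """Value of the first 'key: value' line (format of /proc files), else None."""
    for line in (text or "").splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip() == key:
            return value.strip()
    return None

def assess(sysfs, status, cpuinfo):
    """Combine the three kernel views into one verdict plus supporting detail."""
    flags = (field(cpuinfo, "flags") or "").split()
    thread = field(status, "Speculation_Store_Bypass")
    has_ssbd = "ssbd" in flags  # CPU/microcode exposes the SSB disable control
    system = (sysfs or "").strip()
    if sysfs is None:
        verdict = "unknown: kernel predates SSB reporting"
    elif system == "Not affected":
        verdict = "not affected"
    elif system.startswith("Vulnerable"):
        verdict = "vulnerable: SSBD " + ("available but off" if has_ssbd else "control not exposed")
    elif "prctl" in system:
        # Opt-in mode: only tasks that asked (or seccomp tasks) are protected.
        ok = thread is not None and "mitigated" in thread
        verdict = "opt-in: this process " + ("is protected" if ok else "is NOT protected")
    elif system.startswith("Mitigation"):
        verdict = "mitigated system-wide"
    else:
        verdict = "unknown: unrecognised status"
    return {"verdict": verdict, "system": system, "thread": thread, "ssbd": has_ssbd}

# Constructed sample inputs in the format the kernel prints (not captured from a host).
SAMPLE_SYSFS = "Mitigation: Speculative Store Bypass disabled via prctl and seccomp\n"
SAMPLE_STATUS = "Name:\tjava\nSpeculation_Store_Bypass:\tthread vulnerable\n"
SAMPLE_CPUINFO = "processor\t: 0\nflags\t\t: fpu vme sse2 ssbd ibrs\n"

if __name__ == "__main__":
    print("this host:", assess(read(SYSFS), read("/proc/self/status"), read("/proc/cpuinfo")))
    print("sample   :", assess(SAMPLE_SYSFS, SAMPLE_STATUS, SAMPLE_CPUINFO))
```

The constructed sample shows the case that is easy to miss: the system-wide line reads "Mitigation", yet a language runtime that never opted in is still reported as "thread vulnerable".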

 

[1] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html

[2] https://www.redhat.com/en/blog/speculative-store-bypass-explained-what-it-how-it-works
