Not long after the first release of Meltdown and Spectre vulnerabilities, Google and Microsoft researchers independently reported two other variants of the modern processors bugs: a new subclass of speculative execution side channel vulnerabilities known as Speculative Store Bypass (SSB, previously known as SpectreNG – variant 4) has been assigned CVE-2018-3639; another Meltdown variation, rogue system register read (also called variant 3a) has been assigned CVE-2018-3640.
Among affected processors we find a wide range of chipsets: Intel and AMD x86, IBM POWER 8 and 9, and ARM CPUs.
Catalin Cimpanu wrote for Bleeping Computer:
Variant 3a is a variation of the Meltdown flaw, while Variant 4 is a new Spectre-like attack. The most important of these two is Variant 4. Both bugs occur for the same reason – speculative execution – a feature found in all modern CPUs that has the role of improving performance by computing operations in advance and later discarding unneeded data.
The difference is that Variant 4 affects a different part of the speculative execution process —the data inside the “store buffer” inside a CPU’s cache.
Recent Comments