Google And Microsoft Find New Strain Of Spectre And Meltdown [Variant 3a & 4]
CVE-2018-3640 – Rogue System Register Read (RSRE) – also known as Variant 3a
CVE-2018-3639 – Speculative Store Bypass (SSB) – known as Spectre Variant 4 or SpectreNG
Security researchers at Google and Microsoft have found a new variant of the Spectre security flaw that was first reported back in January this year.
To exploit either of these vulnerabilities, an attacker must be able to run crafted or script code on an affected device.
Security researchers identified two software analysis methods that, if used for malicious purposes, have the potential to improperly gather sensitive data from multiple types of computing devices with different vendors’ processors and operating systems.
Intel worked closely with other technology companies and several operating system and system software vendors, developing an industry-wide approach to mitigate these issues promptly.
To fix the problem, Intel has released beta microcode updates to operating system vendors, equipment manufacturers, and other ecosystem partners, adding support for Speculative Store Bypass Disable (SSBD). SSBD provides additional protection by blocking Speculative Store Bypass from occurring. Intel hopes most major operating systems and hypervisors will add support for SSBD starting as early as May 21, 2018.
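The fix described above has two halves, microcode that exposes SSBD and an operating system that uses it, and the following script checks both on a Linux host. It is an added example, not code from the article or from Intel; the function names are made up for illustration, and it assumes the sysfs path, status strings and CPU flag names of mainline x86 Linux.

```shell
#!/bin/sh
# Added example (not from the original article). Function names are made up;
# the sysfs path, status strings and CPU flags are those used by mainline Linux.
SSB_SYSFS=/sys/devices/system/cpu/vulnerabilities/spec_store_bypass

# Map the kernel's status line to a short state.
classify_ssb() {
    case "$1" in
        "Not affected"*)             echo not-affected ;;
        "Vulnerable"*)               echo vulnerable ;;
        "Mitigation: "*"via prctl"*) echo mitigated-opt-in ;;  # per process (prctl/seccomp)
        "Mitigation: "*"disabled"*)  echo mitigated-always ;;  # SSBD on for everything
        *)                           echo unknown ;;           # no SSB reporting
    esac
}

# Succeeds when cpuinfo text lists an SSBD control (needs updated microcode).
has_ssbd_flag() {
    printf '%s\n' "$1" |
        grep -Eq '^flags[[:space:]]*:.*[[:space:]](ssbd|amd_ssbd|virt_ssbd)([[:space:]]|$)'
}

# Combine both signals into "state=... ssbd=... action=...".
ssb_verdict() {
    state=$(classify_ssb "$1")
    if has_ssbd_flag "$2"; then flag=present; else flag=absent; fi
    case "$state:$flag" in
        vulnerable:absent)   action=update-microcode ;;
        vulnerable:present)  action=check-spec_store_bypass_disable-boot-option ;;
        mitigated-opt-in:*)  action=confirm-sensitive-processes-opt-in ;;
        unknown:*)           action=update-kernel ;;
        *)                   action=none ;;
    esac
    echo "state=$state ssbd=$flag action=$action"
}

# Constructed sample: patched kernel running on a CPU without new microcode.
SAMPLE_STATUS="Vulnerable"
SAMPLE_CPUINFO="flags		: fpu vme de pse tsc msr pae ibrs ibpb stibp"

if [ -r "$SSB_SYSFS" ]; then   # live host
    ssb_verdict "$(cat "$SSB_SYSFS")" "$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null)"
else                            # fall back to the constructed sample
    ssb_verdict "$SAMPLE_STATUS" "$SAMPLE_CPUINFO"
fi
```

A `mitigated-opt-in` result means the kernel leaves Speculative Store Bypass enabled by default and disables it only for processes that request it, so sandboxed or sensitive workloads should be checked individually.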
Description:
CVE-2018-3639 – Speculative Store Bypass (SSB) – also known as Variant 4
- Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
- 4.3 Medium CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
CVE-2018-3640 – Rogue System Register Read (RSRE) – also known as Variant 3a
- Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis.
- 4.3 Medium CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Additional Information
Corresponding CVEs for Side-Channel Variants 1, 2, 3, 3a, and 4 are found below:
- Variant 1: Bounds Check Bypass – CVE-2017-5753
- Variant 2: Branch Target Injection – CVE-2017-5715
- Variant 3: Rogue Data Cache Load – CVE-2017-5754
- Variant 3a: Rogue System Register Read – CVE-2018-3640
- Variant 4: Speculative Store Bypass – CVE-2018-3639
Patches For Variant 3a & 4
Link to Vendor Information | Date Added |
---|---|
AMD | May 21, 2018 |
ARM | May 21, 2018 |
Intel | May 22, 2018 |
Microsoft | May 21, 2018 |
Red Hat | May 21, 2018 |
Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.