Central Processor Unit (CPU) Architectural Design Flaws
Description
Update 22/05/2018
New variants have been discovered:
• CVE-2018-3639: Speculative Store Bypass (variant 4), a Spectre-like variant that abuses the speculative execution used by modern CPUs to potentially expose sensitive data through a side channel.
• CVE-2018-3640: Rogue System Register Read (variant 3a), a vulnerability that may allow an attacker with local access to speculatively read system registers via side-channel analysis and obtain sensitive information.
“..Speculative execution design errors can be exploited by malicious software running on a vulnerable computer, or a malicious actor logged into the system, to trick the CPU into revealing sensitive information, like passwords and encryption keys, stored in system memory and the kernel..”
Intel has classified Variant 4 as "medium risk" because many of the exploit techniques a Speculative Store Bypass attack would rely on were already addressed by browsers such as Safari, Edge and Chrome in the initial round of patches.
Recommended Actions
CERT.be recommends that you install the patches as soon as they become available:
• AMD: https://www.amd.com/en/corporate/security-updates
• ARM: https://developer.arm.com/support/arm-security-updates/speculative-proce...
• Intel: https://newsroom.intel.com/editorials/addressing-new-research-for-side-c...
• Microsoft: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV18...
• Red Hat: https://www.redhat.com/en/blog/speculative-store-bypass-explained-what-i...
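Once patches are installed, a Linux host reports whether the variant 4 (CVE-2018-3639) mitigation is actually active through the kernel's sysfs vulnerability entries. The script below is an added example, not CERT.be's tooling; it assumes a kernel that exposes /sys/devices/system/cpu/vulnerabilities/spec_store_bypass, and the sample status strings are constructed for offline use.

```python
"""Check a Linux host's kernel-reported status for Speculative Store Bypass.

CVE-2018-3639 (variant 4) is reported by the kernel under
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass. CVE-2018-3640
(variant 3a) is addressed by microcode alone and has no sysfs entry.
"""
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
SSB_ENTRY = "spec_store_bypass"

# Constructed sample contents of the sysfs file, for offline demonstration.
SAMPLE_STATES = {
    "kernel without the fix": None,  # file absent on older kernels
    "no SSBD support": "Vulnerable",
    "opt-in per process": "Mitigation: Speculative Store Bypass disabled via prctl",
    "forced on": "Mitigation: Speculative Store Bypass disabled",
    "immune CPU": "Not affected",
}


def classify_ssb(status):
    """Map the kernel's status string to (verdict, explanation)."""
    if status is None:
        return ("unknown", "kernel exposes no spec_store_bypass entry; "
                           "it predates the CVE-2018-3639 fix, update it")
    s = status.strip()
    if s == "Not affected":
        return ("ok", "CPU not affected")
    if s.startswith("Mitigation:"):
        if "prctl" in s or "seccomp" in s:
            # Default kernel mode: SSBD only protects processes that opt in.
            return ("partial", "SSBD available but opt-in per process: " + s)
        return ("ok", s)
    if s.startswith("Vulnerable"):
        return ("vulnerable", "SSBD not active: missing microcode/firmware "
                              "update or mitigation disabled at boot")
    return ("unknown", "unrecognised status: " + s)


def read_ssb_status(sysfs_dir=SYSFS_DIR):
    """Return the raw sysfs string, or None when the kernel has no entry."""
    path = Path(sysfs_dir) / SSB_ENTRY
    return path.read_text() if path.is_file() else None


if __name__ == "__main__":
    verdict, why = classify_ssb(read_ssb_status())
    print(f"{SSB_ENTRY}: {verdict} ({why})")
    for label, text in SAMPLE_STATES.items():
        print(f"  sample '{label}': {classify_ssb(text)[0]}")
```

A "partial" verdict means the kernel can apply SSBD but only to processes that request it via prctl/seccomp; the host-wide setting is controlled by the kernel's boot parameters.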
References
https://www.us-cert.gov/ncas/alerts/TA18-141A
https://thehackernews.com/2018/05/fourth-critical-spectre-cpu-flaw.html