
Central Processor Unit (CPU) Architectural Design Flaws

Reference: Advisory #2018-001
Version: 4.0
Affected software: CPUs (Intel, AMD, Qualcomm, IBM), architecture: x86, x86_64, ARM, System Z
Type: CPU hardware vulnerable to side-channel attacks

Description

Update 22/05/2018

New variants have been discovered:
• CVE-2018-3639: Speculative Store Bypass (variant 4), a variant similar to Spectre that takes advantage of the speculative execution used by modern CPUs to potentially expose sensitive data through a side channel.
• CVE-2018-3640: Rogue System Register Read (variant 3a), a vulnerability that may allow an attacker with local access to speculatively read system parameters via side-channel analysis and obtain sensitive information.
“... Speculative execution design errors can be exploited by malicious software running on a vulnerable computer, or a malicious actor logged into the system, to trick the CPU into revealing sensitive information, like passwords and encryption keys, stored in system memory and the kernel ...”
Intel has classified Variant 4 as "medium risk" because many of the exploits that a Speculative Store Bypass attack would use were fixed by browsers like Safari, Edge, and Chrome during the initial set of patches.

Recommended Actions

CERT.be recommends installing the patches as soon as they are available:
• AMD: https://www.amd.com/en/corporate/security-updates
• ARM: https://developer.arm.com/support/arm-security-updates/speculative-proce...
• Intel: https://newsroom.intel.com/editorials/addressing-new-research-for-side-c...
• Microsoft: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV18...
• Red Hat: https://www.redhat.com/en/blog/speculative-store-bypass-explained-what-i...
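
After patching a Linux host, the kernel's own report on variant 4 (CVE-2018-3639) can be checked as below. This is an added example, not part of the CERT.be advisory; it assumes a Linux kernel that exposes `spec_store_bypass` under sysfs with the status strings used by x86 kernels, and the function name `classify_ssb` is hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): classify the kernel-reported
# Speculative Store Bypass (CVE-2018-3639) status on a Linux host.
# Usage: classify_ssb [DIR]   DIR defaults to the real sysfs directory;
# pass another directory to test against constructed fixture files.
# Prints one of: not-affected, mitigated-global, mitigated-opt-in,
#                vulnerable, unknown
classify_ssb() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    file="$dir/spec_store_bypass"

    # Kernels without the variant 4 patches do not create this file, so
    # its absence means "unpatched or not reported", never "safe".
    if [ ! -r "$file" ]; then
        echo "unknown"
        return 0
    fi

    status=$(cat "$file")
    case "$status" in
        "Not affected"*)
            echo "not-affected" ;;
        "Mitigation:"*"via prctl"*)
            # The mitigation exists but is only applied to processes that
            # request it via prctl (or, in one mode, run under seccomp).
            echo "mitigated-opt-in" ;;
        "Mitigation:"*)
            # Speculative Store Bypass is disabled for every process.
            echo "mitigated-global" ;;
        "Vulnerable"*)
            echo "vulnerable" ;;
        *)
            # Status string this script does not recognise.
            echo "unknown" ;;
    esac
}

# Report the status of the machine the script runs on.
echo "CVE-2018-3639 status: $(classify_ssb)"
```

A result of `mitigated-opt-in` means only processes that request the mitigation are protected. Variant 3a (CVE-2018-3640) has no entry in this directory, so this check says nothing about it.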

References

https://www.us-cert.gov/ncas/alerts/TA18-141A 

https://thehackernews.com/2018/05/fourth-critical-spectre-cpu-flaw.html