New vulnerability found in processors

    Microsoft and Google engineers have jointly discovered a new vulnerability in Intel, AMD and ARM processors, similar to Meltdown and Spectre. The threat has been named Speculative Store Bypass (Variant 4, CVE-2018-3639). Like Spectre, the exploit relies on the speculative execution of instructions that modern CPUs provide.



    The attack method resembles Spectre Variant 1, but it is based on recovering data that has settled in the processor cache after the result of a speculative operation is discarded, while the processor handles alternating write and read operations that use indirect addressing. When a read follows a write (for example, mov [rbx + rcx], 0x0; mov rax, [rdx + rsi]), the read's address offset may already be known from earlier, similar operations (reads happen far more often and can be served from the cache), so the processor may speculatively perform the read before the write, without waiting for the write's indirect-addressing offset to be calculated. If, once that offset is calculated, the memory areas of the write and the read turn out to overlap, the processor simply discards the speculative read result and repeats the operation, but the data it touched remains in the cache.


    A distinctive feature of Speculative Store Bypass is that it can be exploited from scripts running inside applications. In other words, attackers can place malicious JavaScript code directly on a web page, and a user is exposed as soon as she visits it. Hackers can then access data held in the browser's memory: search history, addresses, bank card details, and more.


    The vulnerability was actually found in November 2017, and Intel has already rolled out a beta version of the microcode to OEM manufacturers so they can update their products. As with Spectre and Meltdown, the fix results in a performance loss of 2–8% in the SYSmark 2014 SE test. Updated kernel packages have been built for RHEL and Ubuntu and are expected for SUSE and Debian.
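    Whether an updated kernel and microcode actually mitigate Variant 4 on a given host is reported by the Linux kernel in sysfs. The following script is an added example, not code from the article or from any vendor; it assumes a Linux kernel (4.17 or later) that exposes /sys/devices/system/cpu/vulnerabilities/spec_store_bypass, and the sample status lines are constructed from the kernel's documented formats. The check it adds that the paragraph does not spell out is the difference between a global mitigation and a per-process opt-in one: with the "via prctl" forms, only processes that request protection (browsers, sandboxes) are covered, so the JavaScript scenario above still depends on the browser opting in.

```python
"""Classify the Linux sysfs Speculative Store Bypass (SSB) mitigation status.

Added example, not from the article. Assumes a Linux kernel (4.17+) that
exposes the spec_store_bypass file; the sample lines below are constructed
from the status strings documented for that file.
"""
from pathlib import Path

SYSFS_PATH = Path("/sys/devices/system/cpu/vulnerabilities/spec_store_bypass")

# Constructed sample lines in the format the kernel writes to the sysfs file.
SAMPLE_STATUS_LINES = [
    "Not affected",
    "Vulnerable",
    "Mitigation: Speculative Store Bypass disabled",
    "Mitigation: Speculative Store Bypass disabled via prctl",
    "Mitigation: Speculative Store Bypass disabled via prctl and seccomp",
    "",  # an empty/missing file: kernel too old to report anything
]


def classify_ssb_status(line: str) -> dict:
    """Turn one sysfs status line into a small, machine-checkable verdict.

    state: not_affected | vulnerable | mitigated | unknown
    per_process_opt_in: True when only processes that ask via prctl()/seccomp
        are protected, i.e. the mitigation is not system-wide.
    needs_action: True when an operator should act (patch, or verify that the
        programs that matter opt in).
    """
    raw = line.strip()
    if not raw:
        # No status at all: treat as unknown and conservatively flag it.
        return {"raw": raw, "state": "unknown",
                "per_process_opt_in": False, "needs_action": True}
    if raw == "Not affected":
        return {"raw": raw, "state": "not_affected",
                "per_process_opt_in": False, "needs_action": False}
    if raw.startswith("Vulnerable"):
        return {"raw": raw, "state": "vulnerable",
                "per_process_opt_in": False, "needs_action": True}
    if raw.startswith("Mitigation:"):
        opt_in = "via prctl" in raw
        # Opt-in mitigation is fine only if the exposed programs use it,
        # so it is reported as needing a follow-up review.
        return {"raw": raw, "state": "mitigated",
                "per_process_opt_in": opt_in, "needs_action": opt_in}
    # Anything else is a format this script does not know about.
    return {"raw": raw, "state": "unknown",
            "per_process_opt_in": False, "needs_action": True}


def read_live_status() -> str:
    """Read the real sysfs file, or return "" if it is not present."""
    try:
        return SYSFS_PATH.read_text()
    except OSError:
        return ""


def hosts_needing_action(lines) -> list:
    """Return the raw lines whose verdict requires operator action."""
    return [r["raw"] for r in map(classify_ssb_status, lines) if r["needs_action"]]


if __name__ == "__main__":
    for sample in SAMPLE_STATUS_LINES:
        print(repr(sample), "->", classify_ssb_status(sample))
    print("live:", classify_ssb_status(read_live_status()))
```

    Run on a fleet, the `needs_action` field is what to alert on: a "Vulnerable" host lacks the microcode or kernel update described above, while a "via prctl" host is patched but still relies on each exposed program requesting the mitigation.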


    “We continue to work with affected processor manufacturers and have already taken deeper protection measures to eliminate the vulnerabilities of malicious performance in our products and services. We are not aware of any instance using this exploit that would affect Windows or our cloud services infrastructure. We are committed to further mitigating the consequences for our customers,” a Microsoft representative said.
