Google And Microsoft Find New Strain Of Spectre And Meltdown [Variant 3a & 4]

CVE-2018-3640 – Rogue System Register Read (RSRE) – also known as Variant 3a

CVE-2018-3639 – Speculative Store Bypass (SSB) – known as Spectre Variant 4 or SpectreNG

Security researchers at Google and Microsoft have found a new variant of the Spectre security flaw that was first reported back in January this year.

To exploit either of these vulnerabilities, an attacker must be able to run crafted or script code on an affected device.

Security researchers identified two software analysis methods that, if used for malicious purposes, have the potential to improperly gather sensitive data from multiple types of computing devices with different vendors’ processors and operating systems.

Intel worked closely with other technology companies and several operating system and system software vendors, developing an industry-wide approach to mitigate these issues promptly.

To fix the problem, Intel has released beta microcode updates to operating system vendors, equipment manufacturers, and other ecosystem partners adding support for Speculative Store Bypass Disable (SSBD). SSBD provides additional protection by blocking Speculative Store Bypass from occurring. Intel hopes most major operating system and hypervisors will add support for Speculative Store Bypass Disable (SSBD) starting as early as May 21, 2018.

Description:

CVE-2018-3639 – Speculative Store Bypass (SSB) – also known as Variant 4

  • Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
  • 4.3 Medium CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

CVE-2018-3640 – Rogue System Register Read (RSRE) – also known as Variant 3a

  • Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis.
  • 4.3 Medium CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Additional Information

Corresponding CVEs for Side-Channel Variants 1, 2, 3, 3a, and 4 are found below:

  • Variant 1: Bounds Check Bypass – CVE-2017-5753
  • Variant 2: Branch Target Injection – CVE-2017-5715
  • Variant 3: Rogue Data Cache Load – CVE-2017-5754
  • Variant 3a: Rogue System Register Read – CVE-2018-3640
  • Variant 4: Speculative Store Bypass – CVE-2018-3639

Patches For Variant 3a & 4

Link to Vendor Information Date Added
AMD May 21, 2018
ARM May 21, 2018
Intel May 22, 2018
Microsoft May 21, 2018
Redhat May 21, 2018





Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: