They are identified as CVE-2018-3640 and CVE-2018-3639

May 21, 2018 22:05 GMT

Security researchers from Google and Microsoft have publicly disclosed today a third and fourth variant of the industry-wide issue known as the Spectre vulnerability, which could let attackers gain access to sensitive information on vulnerable systems.

Dubbed Spectre Variant 3a and Spectre Variant 4, the two security vulnerabilities are identified as Rogue System Register Read (CVE-2018-3640) and Speculative Store Bypass (CVE-2018-3639). While Spectre Variant 3a lets a local attacker obtain sensitive information by reading system parameters via side-channel analysis, Spectre Variant 4 lets unprivileged attackers read older memory values from memory or from the CPU stack.

According to the security researchers who found the two vulnerabilities, exploiting the Spectre Variant 4 side channel is complex, but it could let attackers running less privileged code abuse the "speculative bypass" to either read arbitrary privileged data or speculatively execute older commands, which may result in cache allocations that let them exfiltrate data using standard side-channel methods.

"Spectre Variant 3a is a vulnerability that may allow an attacker with local access to speculatively read system parameters via side-channel analysis and obtain sensitive information," reads the security advisory. "Spectre Variant 4 is a vulnerability that exploits “speculative bypass.” When exploited, Variant 4 could allow an attacker to read older memory values in a CPU’s stack or other memory locations."

Intel releases information on potentially affected Intel-based platforms

Intel released today information on potentially affected Intel-based platforms, which include 45nm and 32nm processors from the Intel Core i3, i5, i7, and M families, 2nd, 3rd, 4th, 5th, 6th, 7th, and 8th generation Intel Core processors, Intel Core X-Series processor family for Intel X99 and X299 platforms, as well as Intel Xeon 3400, 3600, 5500, 5600, 6500, 7500, E3, E3 v2, E3 v3, E3 v4, E3 v5, E3 v6, E5, E5 v2, E5 v3, E5 v4, E7, E7 v2, E7 v3, E7 v4, and Scalable families.

In addition, processors from the Intel Atom C Series (C3308, C3338, C3508, C3538, C3558, C3708, C3750, C3758, C3808, C3830, C3850, C3858, C3950, C3955, C3958), E Series, A Series, X Series (x5-E3930, x5-E3940, x7-E3950), T Series (T5500, T5700), and Z Series, as well as the Intel Celeron J Series (J3355, J3455, J4005, J4105, J4205), N Series (N3450, N4000, N4100, N4200), and Silver Series (J5005, N5000), are also affected by the Spectre Variant 3a and Spectre Variant 4 security vulnerabilities.

The security advisory instructs users and system administrators to refer to their software and hardware vendors for patches or microcode firmware updates that mitigate the Spectre Variant 3a and Spectre Variant 4 security vulnerabilities. Red Hat already informed us earlier that they plan to release mitigations for these bugs in the coming days, urging all users to update their systems immediately, even if they believe their platforms may not be affected.

Administrators are urged to verify in a test environment that the patches work correctly before deploying them, ensuring system performance is not affected when running critical services and applications. The security researchers recommend consulting cloud service providers and vendors on mitigations if the patches cause any performance degradation, and resolving these issues on the host operating systems after patching.
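As a practical follow-up to the advice above, the following script (added here as an example; it is not from the article, Intel's advisory, or Red Hat) shows how an administrator can confirm on a Linux host whether the kernel reports the Speculative Store Bypass (CVE-2018-3639) mitigation as active after a patch or microcode update has been applied. It assumes a Linux kernel new enough to expose the `/sys/devices/system/cpu/vulnerabilities/` interface; on kernels without that interface the check reports "unknown" rather than guessing. The sample status lines used for the self-check at the bottom are constructed for this example.

```shell
#!/bin/sh
# Added example, not code from the article: classify the kernel's own
# Speculative Store Bypass (CVE-2018-3639) status report on Linux.
# Assumption: the kernel exposes
#   /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
# containing a line such as "Not affected", "Vulnerable", or
# "Mitigation: Speculative Store Bypass disabled via prctl and seccomp".

SSB_SYSFS="/sys/devices/system/cpu/vulnerabilities/spec_store_bypass"

# ssb_status <status line>
# Prints one of: mitigated, vulnerable, not-affected, unknown.
ssb_status() {
    case "$1" in
        "Not affected"*) echo "not-affected" ;;
        "Mitigation:"*)  echo "mitigated" ;;
        "Vulnerable"*)   echo "vulnerable" ;;
        *)               echo "unknown" ;;
    esac
}

# ssb_status_from_file <path>
# Same classification for a sysfs file; "unknown" when the kernel does
# not expose the file (older kernel, or a non-Linux system).
ssb_status_from_file() {
    if [ -r "$1" ]; then
        ssb_status "$(head -n 1 "$1")"
    else
        echo "unknown"
    fi
}

# report_vulnerabilities
# Prints every vulnerability file the kernel exposes, so an admin can
# review the Variant 4 status alongside the other Spectre/Meltdown entries.
report_vulnerabilities() {
    dir="/sys/devices/system/cpu/vulnerabilities"
    found=0
    for f in "$dir"/*; do
        [ -r "$f" ] || continue
        found=1
        printf '%s: %s\n' "$(basename "$f")" "$(head -n 1 "$f")"
    done
    [ "$found" -eq 1 ] || echo "no vulnerability reports exposed by this kernel"
}

# Self-check against constructed sample lines (not taken from a real host).
[ "$(ssb_status 'Mitigation: Speculative Store Bypass disabled via prctl and seccomp')" = "mitigated" ]
[ "$(ssb_status 'Vulnerable')" = "vulnerable" ]
[ "$(ssb_status 'Not affected')" = "not-affected" ]

# Live check on the host running the script.
echo "CVE-2018-3639 (Spectre Variant 4) status: $(ssb_status_from_file "$SSB_SYSFS")"
report_vulnerabilities
```

A result of "mitigated" means the kernel has a mitigation in place (Red Hat's and upstream's updates expose it this way); "vulnerable" after patching usually means the CPU microcode update from the hardware vendor has not yet been applied, which is exactly the case the advisory tells administrators to take up with their vendor. The script only reads kernel reports and changes nothing, so it is safe to run in the test environment and on production hosts alike.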