[German]Microsoft and Google have jointly disclosed a new CPU vulnerability on May 21, 2018. This vulnerability is comparable to the Meltdown and Spectre weaknesses discovered at the beginning of the year.
Advertising
The latest vulnerability (Speculative Store Bypass variant 4) is a similar exploit to Spectre and uses the speculative execution that modern CPUs use. I already blogged about this topic within my blog article New Spectre NG vulnerabilities in Intel CPUs in general a few days ago.
Spectre variant 4
Like the other GPZ variants, Variant 4 uses speculative execution, a feature common to most modern processor architectures, to potentially expose certain kinds of data through a side channel. In this case, the researchers demonstrated Variant 4 in a language-based runtime environment. While we are not aware of a successful browser exploit, the most common use of runtimes, like JavaScript, is in web browsers.
(Source: Pexels Fancycrave CC0 License)
Starting in January, most leading browser providers deployed mitigations for Variant 1 in their managed runtimes – mitigations that substantially increase the difficulty of exploiting side channels in a web browser. These mitigations are, according to Intel, also applicable to Variant 4 and available for consumers to use today. However, to ensure the option for full mitigation and to prevent this method from being used in other ways, Intel and its industry partners are offering an additional mitigation for Variant 4, which is a combination of microcode and software updates.
Performance affected by patches
Intel has already delivered the microcode update for Variant 4 in beta form to OEM system manufacturers and system software vendors. Intel expect it will be released into production BIOS and software updates over the coming weeks. This mitigation will be set to off-by-default, providing customers the choice of whether to enable it.
Advertising
Intel expect most industry software partners will likewise use the default-off option. In this configuration, Intel hasn't a performance impact. If enabled, Intel observed a performance impact of approximately 2 to 8 percent based on overall scores for benchmarks like SYSmark® 2014 SE and SPEC integer rate on client and server2test systems.
Mitigate variant 3a
This same update also includes microcode that addresses Variant 3a (Rogue System Register Read). This was was previously documented publicly by Arm* in January. Intel has not observed any meaningful performance impact on client or server benchmarks with the Variant 3a mitigation. Intel decided to bundle these two microcode updates together to streamline the process for our industry partners and customers.
Updated information pages
Intel provided more information regarding the Intel products that are potentially affected on our product security center page, along with white papers and other resources that provide guidance to help IT professionals assess the risk level in their environment. In addition, we've updated our security first web site with a list of new Frequently Asked Questions to help anyone who needs more information. The following video explains the new vulnerabilities.
(Quelle: YouTube)
