The next-generation of Spectre speculative execution vulnerabilities in CPUs from AMD, ARM, IBM and Intel has arrived in the form of Variants 3a and 4, following highly anticipated public disclosures from Google's Project Zero and Microsoft Corporation [1, 2].
The new variants carry similar risks as the original Spectre and Meltdown bugs that were announced in January of this year, and also just like last time the applied patch will result in performance degradation.
In short, attackers can exploit the bugs to read privileged data via a side-channel attack that uses a low-privilege application to read the memory of another, more secured application.
Leslie Culbertson, Intel's executive vice president and general manager of product assurance and security, said in an online editorial that Intel has developed the beta version of its microcode fix. It has already been distributed to affected OEM and system software vendors, "and we expect it will be released into production BIOS and software updates over the coming weeks," she said. However, when the fix is applied, there will be a performance impact of two to eight percent if the software mitigation is turned on, Culbertson acknowledged.
In an FAQ, ARM announced that "for all known variants impacting Arm cores, Arm has completed initial kernel patching, compiler work and firmware updates." And AMD reported that Microsoft "is completing final testing and validation of AMD-specific updates for Windows client and server operating systems, which are expected to be released through their standard update process. Similarly, Linux distributors are developing operating system updates..."
Culbertson also noted that the same mitigations browser providers deployed in their managed runtimes earlier this year to combat Spectre Variant 1 also work against Variant 4 -- meaning users do have at least some means of protecting themselves while they await a patch.
AMD, ARM, Intel have all published up-to-date white papers describing the side-channel threat in detail, while IBM also posted an statement detailing which of its Power processors are affected. Meanwhile, other vendors known to be affected by the new variants include Cisco, Dell/Dell EMC, Microsoft, QUALCOMM, Red Hat, SUSE Linux, Synology, Ubuntu, VMware and possibly Acer.
As with the previous vulnerabilities, the flaw lies within a microprocessor's ability to speed up performance by predicting an incoming instruction and start executing the operating necessary to complete it -- a time-saving trick that as an unfortunate byproduct can leak sensitive information to attackers.
Variant 3a, designated CVE-2018-3640, is a Rogue System Register Read (RSRE) that involves speculative reads of system register values used in speculative load instructions. "These subsequent speculative loads cause allocations into the cache that may allow a sequence of speculative loads to be used to perform timing side-channel attacks," warns an advisory from the CERT/CC and Carnegie Mellon University's Software Engineering Institute. "An attacker with local user access may be able to use timing side-channel analysis to determine the values stored in system registers."
Variant 4, designated CVE-2018-3639, is a Speculative Store Bypass (SSB) flaw, which an Intel's vulnerability advisory describes as follows: "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis."
The infosec community has been awaiting news on a possible new Spectre vulnerability, especially since German technology news outlet c't earlier this month reported that up to eight new flaws would soon be disclosed. However, some experts are downplaying the latest disclosure, noting that vulnerability/exploit derivatives should be expected in cases like this, and that the flaws at play here would be complicated to exploit.
"Vulnerability exploits often come in series," said Oren Aspir, CTO at Cyberbit. "These events teach us that we will never be able to identify and patch all vulnerabilities in chips, applications, and operating systems."
"The lesson: although we should keep using best practices and timely patching, we cannot rely on it for security," continued Aspir, emphasizing the importance of advanced detection capabilities. "Because even after patching Variant 4, we can expect Variants 5, 6 and 7 to appear sooner or later."
"Given the complexity and ubiquity of side-channel attacks enabled by speculative execution, I doubt these will be the last variants that will be announced," agreed Tod Beardsley, research director at Rapid7. "In the end, though, these present themselves as rather exotic attack vectors."
"Most criminal activity today uses very simple social engineering techniques to get users to run untrusted code on their behalf, and don't rely on complicated, hard-to-target side channel attacks," Beardsley continued. "On the other end of the threat spectrum, sophisticated espionage and intelligence organizations tend to leverage local, physical access to equipment to compromise specific targets, or national, ISP-level snooping to perform broad surveillance. Therefore, while it's certainly possible that criminal and government attackers could use these speculative execution and memory allocation misuse bugs for nefarious ends, any such exploit appears difficult to employ in a broad, pervasive way.
Researchers Jann Horn of Google Project Zero and Ken Johnson of the Microsoft Security Response Center separately reported Variant 4, while Zdenek Sojka, Rudolf Marek and Alex Zuepke from SYSGO AG are credited with discovering Variant 3a.