Intel refutes claim that newly-uncovered Spectre vulnerability variants need patching with performance-leeching fixes

Researchers claim hackers could leverage the vulnerabilities to target "billions" of devices (Image source: Panda Security)

University of Virginia cybersecurity researchers published a paper in which they claimed that a variant of the Spectre vulnerability could potentially impact "billions" of devices, and require patches that severely hinder performance. Intel, however, refuted the claim in a statement.

Arjun Krishna Lal, Published 05/04/2021 🇫🇷 🇪🇸 ...

Researchers at the University of Virginia recently claimed that newly-uncovered variants of the Spectre CPU vulnerability could affect "billions" of devices with AMD and Intel processors. More concerningly, the nature of the exploits means that any potential patches could severely curtail processor performance.

Intel replied by stating that "existing mitigations were not being bypassed," though that is what the researchers appear to have demonstrated in their paper. Ashish Venkat, one of the paper's authors, had this to say with regards to Intel's security guidelines for Spectre: "Intel's suggested defense against Spectre, which is called LFENCE, places sensitive code in a waiting area until the security checks are executed, and only then is the sensitive code allowed to execute. But it turns out the walls of this waiting area have ears, which our attack exploits."

If this turns out to be a real issue, despite Intel's statement, a fix could put Intel and AMD in a quandary. The vulnerabilities exploit CPU branch prediction capabilities. Rolling back the speculative code execution functionality on older CPUs could have major performance implications.

Source(s)

University of Virginia

AMD Ryzen 7000 series architecture (Source: AMD)

AMD Ryzen 7000 CPUs are faster in Linux with Spectre V2 mitigations enabled 10/05/2022

HP Support Assistant is vulnerable to DLL hijacking

New security flaw discovered in HP Support Assistant 09/08/2022

Spectre-v2 mitigation is taking its toll on the performance of Intel and AMD CPUs.

Spectre-v2 mitigation wreaks havoc on the performance of some Intel CPUs as AMD chips come out largely unscathed 03/15/2022

Spectre is back. (Image Source: PC Gamer)

New Spectre vulnerability affects Intel Alder Lake and ARM processors 03/09/2022

Intel 8th generation processor wafer (Source: Intel)

Two high-rated security issues have been confirmed by Intel for a few processor series 11/15/2021

Check Point reports a new MSM flaw. (Source: Wikichip)

Security researchers claim to find a severe vulnerability that may affect up to 30% of all Android phones worldwide 05/09/2021

More vulnerabilities have been uncovered in Intel's silicon. (Image: Intel)

Another month, another Intel chipset malware vulnerability 06/10/2020

Zoom zero-day vulnerabilities are being auctioned for up to US$500,000 04/16/2020

Apple touts iPhone privacy as a key selling point on its website. (Source: Apple)

FBI pressure leaves iCloud, iPhone users vulnerable to unencrypted back door 01/22/2020

SplitSpectre threatens both Intel and AMD processors (Source: ZDNet)

The phantom returns: Researchers discover a new Spectre CPU attack, name it SplitSpectre 12/04/2018

MIT's DAWG could easily be integrated in OS updates, and it is said to be less taxing on the overall system performance. (Source: Bit-Tech)

MIT provides alternative solution for Spectre-like CPU bugs 10/19/2018

Read all 2 comments / answer

Loading Comments

Comment on this article

Apple's AirTag raises child safety ...

NVIDIA's new datacenter roadmap ind...

Arjun Krishna - Tech Writer - 623 articles published on Notebookcheck since 2019

I've had a passion for PC gaming since 1996, when I watched my dad score frags in Quake as a 1 year-old. I've gone on to become a Penguin-published author and tech journalist. Apart from working as an editor at Notebookcheck, I write for outlets including TechSpot and Gamingbolt. I’m the Director of Content at Flying V Group, one of the top 5 digital marketing agencies in Orange County. When I'm not traveling the world, gathering stories for my next book, you can find me tinkering with my PC.

contact me via: Facebook, LinkedIn

Please share our article, every link counts!