Two new Meltdown and Spectre variants discovered

The new variants might cause some problems for Intel's and AMD's already announced hardware fixes. (Source: Heise.de)

The latest variants dubbed MeltdownPrime and SpectrePrime were discovered by Nvidia and Princeton University researchers. In a nutshell, these variants force two CPU cores to react to each other in order to trick multi-core systems into giving up cached data.

Bogdan Solca, Published 02/16/2018

Even if there were no reports of actual grand-scale hacks that took advantage of the Meltdown / Spectre vulnerabilities found in Intel’s and AMD’s CPU released this decade, there is still a pronounced feeling of unease among the end-users who now demand efficient hardware fixes instead of rushed and poorly optimized fixes that mess up their systems anyway. Meltdown and Spectre first got their spotlight when Google revealed them in early January this year as inherent CPU flaws that can enable unwarranted access to personal info that happens to be stored in the system memory, including passwords, emails and other critical data that can compromise the OS.

While Intel and AMD are already working to include hardware fixes in the upcoming CPU lineups, researchers from Nvidia and Princeton University dug deeper into the underlying flaws and uncovered two new vulnerability variants named “MeltdownPrime” and “SpectrePrime”.

The “MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols” paper released on February 11 notes that: In the context of Spectre and Meltdown, leveraging coherence invalidations enables a Prime+Probe attack to achieve the same level of precision as a Flush+Reload attack and leak the same type of information. By exploiting cache invalidations, MeltdownPrime and SpectrePrime -- two variants of Meltdown and Spectre, respectively -- can leak victim memory at the same granularity as Meltdown and Spectre while using a Prime+Probe timing side-channel. [...]MeltdownPrime and SpectrePrime are caused by write requests being sent out speculatively in a system that uses an invalidation-based coherence protocol.”

It is not clear if these new variants have already been patched with the latest software fixes, but, more importantly, Intel and AMD have not yet confirmed if these variants will be fixed with the in-silicon solutions to be released in late 2018.

Source(s)

Official Princeton paper

TechSpot

Apple's M1 and M2 family of silicon has a baked in security vulnerability dubbed

Apple M-series chips have serious security flaw baked in, fix will result in performance hit 03/22/2024

SMT allows for multi-threaded parallel processing, but has an apparent security flaw. (Source: Wikipedia)

New side-channel vulnerability confirmed in Kaby Lake and Skylake CPUs 11/02/2018

Windows 10 19H1 is currently available as an insider's preview. (Source: Windows Latest)

2019 Windows update may address Spectre patch-related performance issues 10/19/2018

Intel has been releasing security patches since January, but this is the first time it banned testing them for performance discrepancies. (Source: MarketWatch)

Intel revises ban on benchmarking its newest microcode patch 08/24/2018

Google's Project Zero was set up to research improved data security. (Source: SteemKR)

The head of Google's Project Zero sees no future for blockchain in security 08/11/2018

Meltdown alongside Spectre was originally reported as a hardware level exploit on Intel CPUs (Source: meltdownattack.com)

Qualcomm CPUs have been shown to be unprotected against the Meltdown exploit, researchers say 08/09/2018

Intel will eventually bake security fixes into its next-generation of silicon. (Source: Intel)

Intel plans to offload CPU malware scanning to iGPUs in new Spectre / Meltdown fix 04/17/2018

It has been standard practice to give companies 60-90 days to react to newly found exploits.

Previously unheard-of company claims AMD chips are full of vulnerabilities, does not provide details 03/14/2018

The Chinese knew of Meltdown and Spectre much before the US Government according to The WSJ. (Source: Reddit)

Intel alerted select corporations about Meltdown/Spectre, China speculated to have known about it before the US 01/30/2018

Microsoft has issued a patch allowing users to toggle off its Spectre protection. (Source: Meltdownattack.com)

Optional MS update toggles off Spectre patch to stop reboot issues 01/29/2018

Users of Intel 'Broadwell' chips will get a more reliable microcode update in the coming weeks. (Source: Wccftech)

Intel readying a more reliable Meltdown/Spectre fix for 'Broadwell' and 'Haswell' platforms 01/24/2018

Spectre variant 2 got AMD involved in the double class action suit. (Source: Google)

AMD hit by double class action suit over Spectre vulnerabilites 01/18/2018

Microsoft blames the security update bricking systems on AMD. (Source: basstechintl)

Microsoft's Meltdown and Spectre security updates have been bricking AMD machines 01/09/2018

Loading Comments

Comment on this article

Facebook Messenger Kids now availab...

Google acquires Internet of Things ...

Bogdan Solca - Senior Tech Writer - 2253 articles published on Notebookcheck since 2017

I first stepped into the wondrous IT&C world when I was around seven years old. I was instantly fascinated by computerized graphics, whether they were from games or 3D applications like 3D Max. I'm also an avid reader of science fiction, an astrophysics aficionado, and a crypto geek. I started writing PC-related articles for Softpedia and a few blogs back in 2006. I joined the Notebookcheck team in the summer of 2017 and am currently a senior tech writer mostly covering processor, GPU, and laptop news.

contact me via: Facebook

Please share our article, every link counts!

> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2018 02 > Two new Meltdown and Spectre variants discovered

Bogdan Solca, 2018-02-16 (Update: 2018-02-17)

Two new Meltdown and Spectre variants discovered

Source(s)

Related Articles