Notebookcheck Logo
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Two new Meltdown and Spectre variants discovered

The new variants might cause some problems for Intel's and AMD's already announced hardware fixes. (Source:
The new variants might cause some problems for Intel's and AMD's already announced hardware fixes. (Source:
The latest variants dubbed MeltdownPrime and SpectrePrime were discovered by Nvidia and Princeton University researchers. In a nutshell, these variants force two CPU cores to react to each other in order to trick multi-core systems into giving up cached data.
Bogdan Solca,

Even if there were no reports of actual grand-scale hacks that took advantage of the Meltdown / Spectre vulnerabilities found in Intel’s and AMD’s CPU released this decade, there is still a pronounced feeling of unease among the end-users who now demand efficient hardware fixes instead of rushed and poorly optimized fixes that mess up their systems anyway. Meltdown and Spectre first got their spotlight when Google revealed them in early January this year as inherent CPU flaws that can enable unwarranted access to personal info that happens to be stored in the system memory, including passwords, emails and other critical data that can compromise the OS.

While Intel and AMD are already working to include hardware fixes in the upcoming CPU lineups, researchers from Nvidia and Princeton University dug deeper into the underlying flaws and uncovered two new vulnerability variants named “MeltdownPrime” and “SpectrePrime”.

The “MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols” paper released on February 11 notes that: In the context of Spectre and Meltdown, leveraging coherence invalidations enables a Prime+Probe attack to achieve the same level of precision as a Flush+Reload attack and leak the same type of information. By exploiting cache invalidations, MeltdownPrime and SpectrePrime -- two variants of Meltdown and Spectre, respectively -- can leak victim memory at the same granularity as Meltdown and Spectre while using a Prime+Probe timing side-channel. [...]MeltdownPrime and SpectrePrime are caused by write requests being sent out speculatively in a system that uses an invalidation-based coherence protocol.”

It is not clear if these new variants have already been patched with the latest software fixes, but, more importantly, Intel and AMD have not yet confirmed if these variants will be fixed with the in-silicon solutions to be released in late 2018.


static version load dynamic
Loading Comments
Comment on this article
Bogdan Solca
Bogdan Solca - Senior Tech Writer - 1750 articles published on Notebookcheck since 2017
I first stepped into the wondrous IT&C world when I was around seven years old. I was instantly fascinated by computerized graphics, whether they were from games or 3D applications like 3D Max. I'm also an avid reader of science fiction, an astrophysics aficionado, and a crypto geek. I started writing PC-related articles for Softpedia and a few blogs back in 2006. I joined the Notebookcheck team in the summer of 2017 and am currently a senior tech writer mostly covering processor, GPU, and laptop news.
contact me via: Facebook
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2018 02 > Two new Meltdown and Spectre variants discovered
Bogdan Solca, 2018-02-16 (Update: 2018-02-17)