Eight New Meltdown-Like Flaws Found

An anonymous reader quotes Reuters: Researchers have found eight new flaws in computer central processing units that resemble the Meltdown and Spectre bugs revealed in January, a German computing magazine reported on Thursday. The magazine, called c't, said it was aware of Intel Corp's plans to patch the flaws, adding that some chips designed by ARM Holdings, a unit of Japan's Softbank, might be affected, while work was continuing to establish whether Advanced Micro Devices chips were vulnerable... The magazine said Google Project Zero, one of the original collective that exposed Meltdown and Spectre in January, had found one of the flaws and that a 90-day embargo on going public with its findings would end on May 7...

"Considering what we have seen with Meltdown and Spectre, we should expect a long and painful cycle of updates, possibly even performance or stability issues," said Yuriy Bulygin, chief executive officer of hardware security firm Eclypsium and a former Intel security researcher. "Hopefully, Meltdown and Spectre led to improvements to the complicated process of patching hardware."
Neowin now reports that Intel "is expected to release microcode updates in two waves; one in May, and the other in August."

Well, to be expected.

Speculative execution bypasses the memory protection barriers for efficiency reasons. The actual problem is that cache coherence is global rather than per-process and its effects are measurable. That is the vector for wagonloads of side channel attacks. Speculative execution to addresses based on protected locations is just a rather elegant side channel attack since it does not count towards privilege violations and thus does not trigger an exception that would in turn cause a much larger impact on cache coherence and other measurable CPU state than what you are trying to measure.

Cache coherency is a side channel attack that will keep on giving for a long long while to come.

Re:Well which is it?

[Megol]

Actually you got the two things switched:

Meltdown can be totally protected against in software however with a significant performance impact.

Spectre can be divided into two kinds of attacks:
. One kind that bypass protection checks (range checks etc.) used to create software based virtual machines. These can be protected against in software.
. One kind that use shared branch prediction state between an attacker and a victim to influence speculative execution when running the victim code, this can be used to extract data that can be exfiltrated through a shared cache. This is in general not possible to patch in software.

Good program design have nothing to do with this. That's the whole problem with these speculative vulnerabilities: the code that one write isn't necessarily the code that the processor executes. One have to write bad code taking microarchitectural design into consideration to protect against attack.

Re:Well which is it?

[ravenshrike]

Good program design severely limits the total access of a SPECTRE type flaw. However the access granted by a standard SPECTRE exploit will still give out some information. Thus through good program design you can avoid giving away important information like passwords or cryptography keys even if someone is using a SPECTRE type exploit on your system. Whereas there is no real protection against a MELTDOWN flaw once it is exploited. At that point the person running the exploit has access to everything going on in the system.

Re:Explain

[Mal-2]

Replacing an older Intel CPU and board with an AMD CPU+board of equal performance may actually be cheaper than replacing with fixed Intel parts, if the end user is the one paying. But of course, Intel would rather take the bigger hit on paper and hand out its own products, rather than funnel one thin dime to AMD, so unless any payouts are in cash, the replacements for anything are going to be more Intel.