
New Spectre 1.1 and Spectre 1.2 CPU Flaws Disclosed (bleepingcomputer.com)

Two security researchers have revealed details about two new Spectre-class vulnerabilities, which they've named Spectre 1.1 and Spectre 1.2. From a report: Just like all the previous Meltdown and Spectre CPU bug variations, these two take advantage of the process of speculative execution -- a feature found in all modern CPUs that has the role of improving performance by computing operations in advance and later discarding unneeded data. According to researchers, a Spectre 1.1 attack uses speculative execution to deliver code that overflows CPU store cache buffers in order to write and run malicious code that retrieves data from previously-secured CPU memory sections. Spectre 1.1 is very similar to Spectre variants 1 and 4, but the two researchers who discovered the bug say that "currently, no effective static analysis or compiler instrumentation is available to generically detect or mitigate Spectre 1.1." As for Spectre 1.2, researchers say this bug can be exploited to write to CPU memory sectors that are normally protected by read-only flags.
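The code pattern behind the summary's "speculative store" description is a store guarded by a bounds check that the CPU may run before the check resolves. The following is an added illustration, not code from the report or from any commenter: a vulnerable store beside a hardened version that clamps the index with a branchless mask (the same idea as the Linux kernel's array_index_mask_nospec). All names and the sample table are constructed; it closes one site by hand, which is exactly the per-site work the researchers say no tool automates.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample: a small slot table followed by a byte standing in
 * for sensitive data adjacent to the buffer. */
#define SLOT_COUNT 8
static struct {
    uint8_t slots[SLOT_COUNT];
    uint8_t sentinel;
} table = { {0}, 0xA5 };

/* Bounds-check-bypass store: architecturally correct, but while the
 * comparison is unresolved the CPU may predict "in bounds" and perform the
 * store transiently with an out-of-range idx. */
int write_slot_unsafe(size_t idx, uint8_t value)
{
    if (idx < SLOT_COUNT) {
        table.slots[idx] = value;
        return 0;
    }
    return -1;
}

/* All ones when idx < size, zero otherwise, computed arithmetically so no
 * branch prediction is involved. Assumes size < 2^63. */
static size_t index_mask_nospec(size_t idx, size_t size)
{
    return (size_t)(~(int64_t)(idx | (size - 1 - idx)) >> 63);
}

/* Hardened form: even on a mispredicted check the index is forced to 0,
 * so the transient store cannot leave the buffer. */
int write_slot_hardened(size_t idx, uint8_t value)
{
    if (idx < SLOT_COUNT) {
        idx &= index_mask_nospec(idx, SLOT_COUNT);
        table.slots[idx] = value;
        return 0;
    }
    return -1;
}

/* Helpers exposed so the behaviour can be checked from outside. */
uint8_t sentinel_value(void) { return table.sentinel; }
size_t mask_for(size_t idx, size_t size) { return index_mask_nospec(idx, size); }
uint8_t slot_value(size_t idx) { return table.slots[idx]; }
```

Both functions return the same results under normal execution; the difference lies only in what the CPU can do transiently, which a functional test cannot observe, so review the generated assembly to confirm the mask survives optimisation.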

5 of 109 comments

  1. Re:So by gweihir · Score: 5, Interesting

    We will see whether this holds up, but at the moment Intel is the one that played it fast and loose in order to have a few percent more performance, while AMD was far more careful and conservative and is now far less at risk, and maybe not at all, due to the massively higher effort to exploit the subset of these vulnerabilities where they are affected. It is still possible that an easy-to-exploit variant will eventually be found for AMD too, but at the moment there is none.

    Given that AMD has already done some additional things against this class of exploits in Zen 2, it may be that Intel CPUs will be a continued problem for the next years, while the same things may be more of an annoyance on AMD or not even present. Well, market dominance is never a good thing. Quality almost always suffers and prices get inflated. It would be a good thing if Intel got cut down quite a bit in size.

    Of course, many people now have to defend their bad decision to not even have looked at AMD, and they are intent on muddying the waters.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  2. Re:Not many CPU designs are by Eravnrekaree · Score: 3, Interesting

    There have been mitigations implemented for the bugs to reduce the severity of the problem, so that hopefully will keep current CPUs out of too much trouble. There are too many CPUs around, of course, to replace them all right away, so the software fixes have to suffice. Eventually new CPU generations will have more fixes built into the CPU. Many Spectre variants are a long shot to exploit anyway.

    From what I understand, the flaws result from being able to tell what another process is doing through how fast some code runs. If another process is running the same code as your process, the behaviour of the other process can be gleaned by watching how fast code runs in your process. The CPU learns by watching code execute which code paths are most likely to be taken. So the learning from watching another process can affect other processes.

    One solution for a CPU fix is to isolate processes so the CPU isolates its learning and predictions to within each process; one process will not affect the performance of other processes. Processes cannot benefit from each other, that's the downside, but no more leaking of state between processes.

    It could also be made so the Operating System can configure all of this in more detail: how much should be shared between processes, if at all, what kind of optimizations should be done, or none at all, etc., so the user can make their own decisions about security/performance trade-offs.

    Perhaps the Operating System could be allowed to turn off hardware-based optimizations and control the speculative execution scheduling itself, which would make it easier to address bugs and security concerns with software updates.

    It all requires some changes to the CPU, but from what I understand, it's not all that big of a deal to add to CPUs.

  3. Re:Not many CPU designs are by drinkypoo · Score: 3, Interesting

    Do you know anything about the cost of mitigation on POWER? We've known for a long time that those architectures were vulnerable, but I haven't heard anything about the performance impact of IBM's fix.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  4. Re:Not many CPU designs are by OneHundredAndTen · Score: 4, Interesting

    The much-maligned Itanium remains impervious to all these attacks. Just saying.

  5. Re:For some of us it was not a bad decision by Carewolf · Score: 3, Interesting

    I too had stability issues with the K6... It turned out it was related to the VIA chipset, and more specifically the drivers. Not that they were buggy, no no, they failed to handle buggy 3Dfx, buggy NVidia and buggy Soundblaster hardware that were all violating the PCI standard, and when you had two of them (which most gamers had), there was a small but non-zero chance they would step on each other's toes due to their abuse of the PCI standard and fuck the system state up.

    The non-VIA drivers and Intel BIOS all had work-arounds to keep that buggy hardware in check. After the issue was fixed in a VIA driver update, there were no more crashes.

    But as is often the case, the blame lay nowhere close to whom most people blamed.