Spectre 1.1, Spectre 1.2: Discovery of two new variants of the Spectre vulnerability

Processor vulnerabilities keep coming. This time, security researchers have found two new flaws in Intel processors, both related to the well-known Spectre.


Two new variants of Spectre are discovered

The new variants of the Spectre class are named Spectre 1.1 and Spectre 1.2. Spectre 1.1 is described as a bounds check bypass store attack and is considered the most dangerous. Spectre leverages speculative execution, an optimization technique in which modern CPUs execute instructions ahead of time based on predictions that are usually correct, to expose sensitive data through a side channel by observing the system's state.

Researchers Vladimir Kiriansky of MIT and Carl Waldspurger of Carl Waldspurger Consulting discovered two sub-variants of Spectre variant 1. Variant 1.1 is a sub-variant of the original variant 1 that takes advantage of speculative stores to create speculative buffer overflows. This speculative buffer overflow could allow an attacker to write and execute malicious code that can be exploited to extract data from previously protected CPU memory, including passwords, cryptographic keys, and other sensitive information.
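To make the Spectre 1.1 pattern concrete, here is an added example (not code from the article or from the researchers' paper): a bounds-checked store that a mispredicting CPU may still perform speculatively, beside the branch-free index clamp that the Linux kernel's array_index_nospec uses to keep the speculative address in range. The buffer and its length are constructed sample state.

```c
#include <stddef.h>
#include <stdint.h>

#define BUF_LEN 16
/* Constructed sample state: a fixed buffer whose length is checked before writes. */
static uint8_t buffer[BUF_LEN];
static size_t buffer_len = BUF_LEN;

/* Vulnerable pattern. Architecturally the store only happens when idx is in
 * bounds, but if the branch is mispredicted the CPU can execute the store
 * speculatively with an out-of-bounds idx, transiently overwriting whatever
 * follows `buffer` (Spectre 1.1: bounds check bypass store). */
int store_bounds_checked(size_t idx, uint8_t value) {
    if (idx < buffer_len) {
        buffer[idx] = value;
        return 0;
    }
    return -1;
}

/* Branch-free mask: all ones when index < size, zero otherwise. This is the
 * generic array_index_mask_nospec() idea from the Linux kernel; it is computed
 * with arithmetic rather than a branch, so it stays correct on a mispredicted
 * path where the CPU has assumed index is in bounds. */
static inline size_t array_index_mask_nospec(size_t index, size_t size) {
#if defined(__GNUC__)
    __asm__ __volatile__("" : "+r"(index));   /* keep the compiler from folding the mask away */
#endif
    return (size_t)(~(long)(index | (size - 1 - index)) >> (sizeof(long) * 8 - 1));
}

/* Clamp an index so no out-of-bounds address can be formed under speculation:
 * an in-range index is returned unchanged, an out-of-range one becomes 0. */
size_t clamp_index_nospec(size_t idx, size_t size) {
    return idx & array_index_mask_nospec(idx, size);
}

/* Hardened pattern: same architectural behaviour, but the speculative store
 * can only target buffer[0..BUF_LEN-1]. A speculation barrier (lfence on x86)
 * after the check is the alternative; masking avoids the serialization cost. */
int store_hardened(size_t idx, uint8_t value) {
    if (idx < buffer_len) {
        buffer[clamp_index_nospec(idx, buffer_len)] = value;
        return 0;
    }
    return -1;
}

/* Read back a byte for checking; the modulo only keeps this helper in bounds. */
uint8_t buffer_at(size_t idx) { return buffer[idx % BUF_LEN]; }
```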

Variant 1.2 depends on lazy PTE enforcement, the same mechanism that Meltdown exploits. This flaw could allow an attacker to bypass the read/write PTE flags, eventually allowing them to overwrite read-only data memory, code metadata, and code pointers.

Although ARM has also acknowledged the existence of variant 1.1 in a blog post, the chip maker has not said explicitly which ARM CPUs are vulnerable. AMD has yet to acknowledge the problems.
