Security News Intel’s ‘Virtual Fences’ Spectre Fix Won’t Protect Against Variant 4

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Spectre and Meltdown fixes for Intel chips announced in March, to be embedded into new CPUs, do not address the newly disclosed Variant 4, sources said.


Intel introduced hardware-based safeguards to its new chips to protect against the Spectre and Meltdown flaws that rocked the silicon industry when the vulnerabilities were made public in early 2018. However, those protections are specific to V2 and V3, and will not impact the newly-discovered Variant 4 as well as other potential speculative execution side channel-related flaws in the future, sources familiar with the situation told Threatpost.

That said, chip experts familiar with the situation said that while these “protective walls” will not impact Variant 4, Intel has added a functionality into its microcode – the Speculative Store Bypass Disable (SSBD) bit – to protect against Variant 4. This functionality will continue to be utilized on future hardware platforms.


On Monday, Intel acknowledged that its processors are vulnerable to Variant 4, which could give attackers unauthorized read access to memory. Similar to the Meltdown and Spectre vulnerabilities, Variant 4 (CVE-2018-3639) is also a side channel analysis security flaw. However, Variant 4 uses a different process to extract information and is more of a cache exploit and that can be used in browser-based attacks.
 
  • Like
Reactions: harlan4096

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top