Report Claims Eight New Spectre-Class Vulnerabilities Impact Intel And ARM Processors

The online German computer magazine Heise.de is reporting that eight new Spectre-class vulnerabilities have been discovered. The vulnerabilities purportedly affect Intel and ARM processors, but the impact on AMD processors remains unknown. We reached out to Intel for comment, and the company provided this statement, which neither confirms nor denies the vulnerabilities:

Protecting our customers’ data and ensuring the security of our products are critical priorities for us. We routinely work closely with customers, partners, other chipmakers and researchers to understand and mitigate any issues that are identified, and part of this process involves reserving blocks of CVE numbers. We believe strongly in the value of coordinated disclosure and will share additional details on any potential issues as we finalize mitigations. As a best practice, we continue to encourage everyone to keep their systems up-to-date.

Much like the first round of Spectre vulnerabilities, these newly discovered vulnerabilities rely upon a side-channel attack on a processor's speculative execution engine. As per normal and responsible reporting policies, the teams of researchers that discovered the attacks are not releasing details until processor vendors are given a reasonable amount of time to develop patches, which should help ward off exploits, at least for now.

The new discoveries, which Heise.de terms "Spectre-NG" (Next Generation), come after several processor vendors delivered the final round of Spectre and Meltdown patches to the public. As we've seen in our own testing, the existing patches can have an impact on performance in a wide range of applications, and further protections may bring about more pain-inducing mitigations.

Heise.de discovered the vulnerabilities through the Common Vulnerability Enumerator (CVE) directory, which is the industry's central list of vulnerabilities. Details of the technical aspects are still slight, but as many have opined in the early days of the Spectre and Meltdown revelations, building more sophisticated attacks based on the same basic principles could allow attackers to circumvent the existing patches. That appears to have come to fruition, as these attacks are merely another iteration of the same tactic. Heise.de expects more information to surface in the coming days.

Heise.de claims that Intel has already developed patches, which will roll out in two waves: One arrives in May, and the second is planned for August. Microsoft is also purportedly readying its own patches. According to the site, four of the vulnerabilities fall into the "high risk" category, while the other four are rated as "medium."

The website also claims that one of the vulnerabilities is much more dangerous than the original Spectre. In theory, attackers could launch exploit code from within a virtual machine, which could then attack the host or other VMs. Unfortunately, these attacks could even sidestep Intel's Software Guard Extensions (SGX), which are designed to protect the most sensitive passwords and encryption keys.

Unlike the fog of uncertainty that clouded CTS Labs' disclosures of AMD vulnerabilities, the Spectre-NG issues appear to be real. Intel has already promised that in-silicon fixes for the original Spectre/Meltdown issues will be released this year. These hardware-based mitigations should reduce, or even eliminate, the performance impact of the current patches.

In light of Intel's recent disclosure that it's delaying its next-generation 10nm chips, we aren't sure if those fixes will come this year. If Spectre-NG is real, there is a possibility that Intel had enough forewarning to include hardware-based fixes for those vulnerabilities, as well.

We'll update as more information comes to light.

Paul Alcorn
Managing Editor: News and Emerging Tech

Paul Alcorn is the Managing Editor: News and Emerging Tech for Tom's Hardware US. He also writes news and reviews on CPUs, storage, and enterprise hardware.

  • lperreault21
    Oh look! Another one!

    I honestly cannot believe any of these anymore
  • littleleo
    Where is the announcement from that firm in Israel about these flaws? That's right, these are Intel flaws, not AMD; that is why the silence.
  • modeonoff
    I spent a month going back and forth between Intel and AMD. While I was going to place the orders for components to build an 8700K system today, I read such an announcement. Now I am thinking of just getting a cheap 8400 CPU and waiting until Intel releases a new CPU with all these bugs removed at hardware level at the end of the year. Don't know if there will be a delay again. If I go ahead and build a Threadripper system, I have to worry about potential compatibility issues of some software libraries.
  • DXRick
    Whatever. With everyone out to steal my stuff and take over my computer, just leave me enough bandwidth to play my games.
  • dextermat
    If you think AMD and Intel will build 100% vulnerability proof, you live on the moon....
  • Dark Lord of Tech
    THEY will find flaws in the new releases too, it will be an ongoing battle.
  • stdragon
    Effectively dumping the cache already took a big hit. I can't see how much worse it could get performance-wise. Famous last words, I know.

    Hopefully this is just a hypothetical issue patched with a microcode update.
  • modeonoff
    What suggestion do you have? In the article, it states that it is not certain if AMD CPUs are also affected.
  • RCaron
    AMD CPUs allocate memory differently. To be vulnerable a hacker would have to predict or search each of the memory allocations in an AMD machine. There are millions. This is like searching for a needle in a haystack.

    On an Intel machine, the answer is helpfully provided on a silver platter, you don't have to go looking.

    That's the difference.

    When AMD says they're vulnerable, they mean that yeah, technically if you searched through the entire memory bank you may be able to find the exploit. TECHNICALLY, even though it's really difficult and nobody would do it because, well, Intel is an easier target and there are more Intels around. It's like running from a bear... no need to run faster than the slowest person. With respect to Spectre, Intel is the slowest person.

    “It is much more difficult on all AMD CPUs, because BTB entries are not aliased - the attacker must know (and be able to execute arbitrary code at) the exact address of the targeted branch instruction.” https://www.reddit.com/r/Amd/comments/7o2i91/technical_analysis_of_spectre_meltdown/
  • Integr8d
    Of course, they wait until after the markets have closed.