Spectre-NG – Researchers revealed 8 new varieties of the Spectre flaws

Pierluigi Paganini May 05, 2018

A group of security researchers has reportedly discovered 8 new varieties of the Spectre vulnerabilities, dubbed Spectre-Next Generation or Spectre-NG, that affect Intel CPUs.

German security website reported that an unnamed team of researchers has discovered the new flaws that exploit the new issues reported in the original Spectre and Meltdown attacks.

The new eight Spectre-NG vulnerabilities in Intel CPUs also affect some ARM processors, at the time of writing the researchers only disclosed to the German computer magazine Heise the partial details of the vulnerabilities.

Intel has already acknowledged the Spectre-NG vulnerabilities and classified four of them as “high risk” and four as “medium.”

“Intel is already working on its own patches for Spectre-NG and developing others in cooperation with the operating system manufacturers. According to our information, Intel is planning two waves of patches. The first is scheduled to start in May; a second is currently planned for August.” reported the German computer magazine Heise.

“Knowing that Google Project Zero discovered one of the Spectre-NG flaws gives us an idea of when to expect the first patch.”

Spectre-NG vulnerabilities

One of the flaws could be exploited by attackers with access to a virtual machine (VM) to take over the host system.

“One of the Spectre-NG flaws simplifies attacks across system boundaries to such an extent that we estimate the threat potential to be significantly higher than with Spectre. Specifically, an attacker could launch exploit code in a virtual machine (VM) and attack the host system from there – the server of a cloud hoster, for example.” continues the report.

“Alternatively, it could attack the VMs of other customers running on the same server. Passwords and secret keys for secure data transmission are highly sought-after targets on cloud systems and are acutely endangered by this gap.”

The original Spectre attack allows user-mode applications to extract information from other processes running on the same system. It can also be exploited to extract information from its own process via code, for example, a malicious JavaScript can be used to extract login cookies for other sites from the browser’s memory.

The Spectre attack breaks the isolation between different applications, allowing to leak information from the kernel to user programs, as well as from virtualization hypervisors to guest systems.

Spectre attacks trigger the CVE-2017-5753 (Variant 1) and CVE-2017-5715 (Variant 2) flaw, while Meltdown and Spectre Variant 1 can be addressed via software, the Spectre Variant 2 required an update of the microcode for the affected processors.

According to the German magazine, one of the Spectre-NG vulnerabilities was discovered by a white hat hacker at Google’s Project Zero that reported it to Intel 88 days ago.

If the vulnerability will be not fixed in a 90-day period according to the Google disclosure policy, the Project Zero team would possibly publicly share technical details of at least one flaw on May 7th (1 day before the Windows Patch Tuesday).

According to the magazine, there are signs that Microsoft is also preparing for CPU patches to release in the upcoming months.

The real problem is that this new wave of patches could have similar effects of the original ones in terms of performance and stability, we can only sit and wait for them.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Spectre-NG vulnerabilities, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment