Mitigation requires both microcode and OS updates.

Spectre-NG – CVE-2018-3639

Also known as Spectre variant 4, or Speculative Store Bypass (SSB), this is a Spectre variant that allows performing memory reads before prior memory write addresses are known and can be used to leak cross-process information.

Mitigating this variant of Spectre efficiently requires updates to the affected CPU microcode, which can be applied either through BIOS/UEFI updates or by the operating system at every reboot.

This is a speculative execution flaw related to Meltdown that’s also known as LazyFP and can be used to leak the state of the floating-point unit (FPU), a specialized math coprocessor present in Intel’s modern CPUs that’s used to accelerate mathematical operations on floating point numbers. The FPU state can contain sensitive information from cryptographic operations. This vulnerability can be mitigated by enforcing “eager” instead of “lazy” FPU context switching at the operating system level.

Spectre variant 2 has the same impact as variant 1 but uses a different exploitation technique called branch target injection.

The vulnerability affects Intel, IBM and a limited number of ARM CPUs. It allows one process to extract sensitive information from the memory of another process but could also bypass the user/kernel memory privilege boundary.
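
On Linux, the kernel reports whether the microcode and OS mitigations mentioned above are active under `/sys/devices/system/cpu/vulnerabilities`. The following added example (not part of the original article) reads those entries for the Spectre variants and Meltdown. The `ISSUES` mapping and the function names are choices made for this example, and LazyFP is not covered because the kernel exposes no entry for it in that directory.

```python
from pathlib import Path

# Linux sysfs directory where the kernel reports per-issue mitigation status.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# sysfs file name -> issue as named in the text above (mapping chosen for this example).
ISSUES = {
    "spectre_v1": "Spectre variant 1",
    "spectre_v2": "Spectre variant 2 (branch target injection)",
    "spec_store_bypass": "Spectre variant 4 / SSB (CVE-2018-3639)",
    "meltdown": "Meltdown",
}

def classify(status):
    """Map a kernel status line to not_affected / mitigated / vulnerable / unknown."""
    s = status.strip()
    if s == "Not affected":
        return "not_affected"
    if s.startswith("Mitigation:"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"

def audit(directory=SYSFS_DIR):
    """Return {file name: (state, raw status)} for every issue in ISSUES."""
    report = {}
    for name in ISSUES:
        try:
            raw = (Path(directory) / name).read_text().strip()
        except OSError:
            # Older kernels do not expose every file; absence is not proof of safety.
            report[name] = ("unknown", "not reported by this kernel")
            continue
        report[name] = (classify(raw), raw)
    return report

def needs_attention(report):
    """Issues that are neither confirmed mitigated nor reported as not affected."""
    return sorted(name for name, (state, _) in report.items()
                  if state in ("vulnerable", "unknown"))

if __name__ == "__main__":
    result = audit()
    for name, (state, raw) in result.items():
        print(f"{ISSUES[name]:45} {state:13} {raw}")
    raise SystemExit(1 if needs_attention(result) else 0)
```

The script exits non-zero when any listed issue is reported as vulnerable or is not reported at all, which makes it usable as a fleet compliance check.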