Newly Discovered Variants Of Meltdown/Spectre Exploit Cache

[mpsparrow]

http://www.tomshardware.com/news/new-variants-meltdown-spectre-exploit-discovered,36533.html

 

A newly discovered exploit of Meltdown and Spectre has been found. They have dubbed the new exploit MeltdownPrime and SpectrePrime.

Quote

Researchers created a new method of exploiting the Meltdown and Spectre vulnerabilities, which they’ve dubbed MeltdownPrime and SpectrePrime, that works by observing the effects of speculative execution on data shared between caches of different CPU cores. Existing software mitigations for Meltdown/Spectre are believed to be effective against the new variants.

Researchers have found a way to exploit the data being shared between the cache of CPU cores.

Quote

In the process of their testing, they discovered that the speculative execution methods that are exploited by the Meltdown and Spectre vulnerabilities leave a trail that might not be observable in only a CPU’s shared cache, but in its cores’ individual caches as well. The explanation lies in the design of the invalidation-based cache coherence protocol of many CPUs.

Using this exploit they are able to recover hidden data at almost a 100% accuracy rate.

Quote

Test cases exploiting this principle created by the researchers were able to recover hidden data at 99.95% accuracy. By comparison, their test cases of a traditional Spectre exploit only reached 97.9% accuracy.

 

Quote

Before you get too alarmed, the researchers said that current software-based Meltdown/Spectre mitigations seem successful in blocking their new exploits. However, these exploits will likely need their own distinct fix, different from those for traditional Spectre, if they are to be mitigated in hardware. It looks like Intel and AMD will have their work cut out for them in their next generation of CPUs.

Nothing to get alarmed about, just continuing news about just how big Meltdown and Spectre have turned out to be. Hopefully it all gets sorted out soon Nice to see that Nvidia along with other companies and researchers and working hard to get to the bottom of these vulnerabilities.

[mr moose]

4 minutes ago, mpsparrow said:

Nothing to get alarmed about, just continuing news about just how big Meltdown and Spectre have turned out to be.

Or not to be seeing as the current patches mitigate prime as well.

[sazrocks]

Which CPUs does this affect?

[mpsparrow]

1 minute ago, sazrocks said:

Which CPUs does this affect?

I assume all the same ones as Spectre and Meltdown does, which is basically every Intel and AMD CPU made in the last 15 years.

[sazrocks]

Just now, mpsparrow said:

I assume all the same ones as Spectre and Meltdown does, which is basically every Intel and AMD CPU made in the last 15 years.

Amd was not affected by meltdown, and was only affected by one of the two specter variants. I’m wondering if this changes that.

[mpsparrow]

2 minutes ago, sazrocks said:

Amd was not affected by meltdown, and was only affected by one of the two specter variants. I’m wondering if this changes that.

True, forgot about that. From looking around I don't see anything specifying which CPUs. Let me know if you do find out.