New Spectre-like flaw found in CPUs using speculative execution

2018-05-22 20:13

A new flaw that can allow an attacker to obtain access to sensitive information on affected systems has been discovered in modern CPUs. CVE-2018-3639, discovered by independently by Google Project Zero and Microsoft Security Response Center researchers and dubbed “Variant 4,” is a Speculative Store Bypass (SSB) vulnerability, and is considered to be a new variant of the previously revealed Spectre Variant 1 vulnerability. “Variant 4 is a vulnerability that exploits ‘speculative bypass.’ When exploited, … More → The post New Spectre-like flaw found in CPUs using speculative execution appeared first on Help Net Security.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/qu8Vm7RefFw/

#CPU #newspectre #spectre #CVE-2018-3639

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2018-05-22	CVE-2018-3639	Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. local low complexity intel arm redhat debian canonical siemens oracle mitel sonicwall schneider-electric nvidia microsoft CWE-203	2.1