Intel finds another chip exploit

Just when we thought that we were past the myriad of Spectre and Meltdown CPU flaws, Intel (along with Google and Microsoft) has today shed light on a new strain of Spectre-style vulnerabilities called Speculative Store Bypass or Variant 4. While close to eight new variants of Spectre were discovered recently, this is the fourth one to be disclosed by the popular chipmaker.

Variant 4 (CVE-2018-3639) is also a side-channel analysis flaw, but it uses a different method to extract information. The language-based runtimes in which it was demonstrated are most commonly used in web browsers.

“Like the other GPZ variants, Variant 4 uses speculative execution, a feature common to most modern processor architectures, to potentially expose certain kinds of data through a side channel,” Leslie Culbertson, executive vice president and general manager of Product Assurance and Security at Intel, said in a post on Monday.

The Spectre and Meltdown vulnerabilities led to frantic work by Intel and its computer-maker partners to put in place software code to protect systems.

The biggest maker of computer processors acknowledged that its processors are vulnerable to another dangerous speculative execution side-channel flaw that could give attackers unauthorized read access to memory. However, Intel has classified this Variant 4 exploit as a medium-risk vulnerability and added that it shouldn’t affect most users, as the mitigations rolled out for the ‘first strain’ of the Spectre exploit would work against this one as well.

In its blog post, Intel says a potential way to exploit the chip-related vulnerability would be to try to access information via code run inside a web browser. So far the attack is known to work only in a ‘language-based runtime environment’ like a web browser, and the company says it is not aware of a successful browser exploit.

“In this case, the researchers demonstrated Variant 4 in a language-based runtime environment. While we are not aware of a successful browser exploit, the most common use of runtimes, like JavaScript, is in web browsers,” read the blog post.

The chipmaker has worked with its OEM partners and has already pushed the beta microcode update for Speculative Store Bypass to them. In the blog post, it adds,