New Spectre (Variant 4) CPU Flaw Discovered

On May 21, 2018 Google Project Zero (GPZ), Microsoft, and Intel disclosed two new chip vulnerabilities related to the Spectre and Meltdown issues known as Speculative Store Bypass (CVE-2018-3639) and Rogue System Registry Read (CVE-2018-3640), or Variant 4.

As with the initial variants, Variant 4 uses speculative execution, a feature common to most modern processor architectures, to potentially expose certain kinds of data through a side channel. An attacker who has successfully exploited this vulnerability may be able to read privileged data across trust boundaries.

Vulnerable code patterns in the operating system (OS) or in applications could allow an attacker to exploit this vulnerability. For example in the case of Just-in-Time (JIT) compilers such as JavaScript JIT employed by modern web browsers, it may be possible for an attacker to supply JavaScript that produces native code that could give rise to an instance of CVE-2018-3639.

Intel has classified Variant 4 as “medium risk” because “many” of the exploits that Speculative Store Bypass attack would exploit were fixed by browsers like Internet Explorer, Edge, Safari, Firefox, and Chrome during the initial set of patches.
However, since there is still a potential for new exploits, Intel and its partners (including PC makers and OEM system manufacturers) will be releasing BIOS and software microcode updates for Variant 4 in the “coming weeks.”

For more information about these vulnerabilities, see resources in either Microsoft’s or Intel’s articles below:

Please refer to article below for a more technical analysis about the vulnerability (geared towards security researchers and engineers):