New Spectre Variant Discovered That Affects AMD, ARM, and Intel
A new variant on the Spectre attacks has been discovered, and it hits CPUs from AMD, ARM, and Intel. The new Variant 4 attack has been disclosed by Microsoft, Google, and Intel itself. The new exploit isn’t thought to be as bad as some of the earlier attacks we’ve discussed, though as always, your exposure to the problem will depend on the type of workloads you run. As we’ve previously discussed, this attack again targets an aspect of speculative execution — in this case, it’s called a Speculative Store Bypass (SSB).
Here’s how Microsoft describes the problem:
SSB arises due to a CPU optimization that can allow a potentially dependent load instruction to be speculatively executed ahead of an older store. Specifically, if a load is predicted as not being dependent on a prior store, then the load can be speculatively executed before the store. If the prediction is incorrect, this can result in the load reading stale data and possibly forwarding that data onto other dependent micro-operations during speculation. This can potentially give rise to a speculative execution side channel and the disclosure of sensitive information.
The overall risk, in this case, is thought to be low. SSB can give an attacker access to data stored at memory locations they aren’t supposed to be able to read, but it doesn’t allow them to write data, and exploiting it requires that the attacker be able to run code on the victim machine. The bad news is that if SSB does represent a risk to your systems, the fix could carry a performance hit. Test results show that the Variant 4 mitigation can reduce CPU performance by anywhere from 2 percent to 8 percent, depending on the test in question. For now, the major vendors are recommending that users leave the fix disabled unless they know they have a specific reason to enable it. AMD appears to be following that guidance as well.
In its update, Intel writes:
We’ve already delivered the microcode update for Variant 4 in beta form to OEM system manufacturers and system software vendors, and we expect it will be released into production BIOS and software updates over the coming weeks. This mitigation will be set to off-by-default, providing customers the choice of whether to enable it. We expect most industry software partners will likewise use the default-off option. In this configuration, we have observed no performance impact…
This same update also includes microcode that addresses Variant 3a (Rogue System Register Read), which was previously documented publicly by Arm* in January. We have not observed any meaningful performance impact on client or server benchmarks with the Variant 3a mitigation. We’ve bundled these two microcode updates together to streamline the process for our industry partners and customers. This is something you will see us continue, as we recognize that a more predictable and consolidated update process will be helpful to the entire ecosystem.
It’s not clear when we’ll be done with Spectre patches. Because the original attack identified an entire class of methods of attacking CPUs that engage in speculative execution, we could be dealing with this problem for years to come. Intel has promised hardware updates to resolve certain issues with future CPU generations; it’s not clear if AMD will follow suit and introduce mitigations in Ryzen 2 or not.
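Because the Variant 4 fix ships off by default, it is worth confirming what state a given machine is actually in. The following is an added example, not code from the article or from any vendor; it assumes a Linux host (the article names no operating system) and reads the kernel's `spec_store_bypass` sysfs entry and the `spec_store_bypass_disable=` boot parameter, with the helper names `classify`, `boot_override` and `report` chosen here for illustration.

```python
"""Report Speculative Store Bypass (Variant 4) mitigation state on Linux."""
import re
from pathlib import Path

# Assumption: Linux sysfs/procfs interfaces; the article names no OS.
SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/spec_store_bypass")
CMDLINE = Path("/proc/cmdline")


def classify(status):
    """Map the kernel's status line to (state, detail)."""
    s = status.strip()
    if s == "Not affected":
        return ("not_affected", "CPU is not reported as vulnerable to SSB")
    if s.startswith("Vulnerable"):
        return ("off", "no mitigation active; loads may bypass older stores")
    if s.startswith("Mitigation:"):
        # Check seccomp first: that status line also contains "prctl".
        if "seccomp" in s:
            return ("opt_in", "applied per process via prctl and to seccomp tasks")
        if "prctl" in s:
            return ("opt_in", "applied only to processes that request it via prctl")
        return ("on", "store bypass disabled for every process")
    return ("unknown", s)


def boot_override(cmdline):
    """Return the spec_store_bypass_disable= boot value, or None if unset."""
    if "nospec_store_bypass_disable" in cmdline.split():
        return "off"
    m = re.search(r"(?:^|\s)spec_store_bypass_disable=(\S+)", cmdline)
    return m.group(1) if m else None


def report(status, cmdline=""):
    """Combine the sysfs status and any boot-time override into one record."""
    state, detail = classify(status)
    return {"state": state, "detail": detail, "boot_override": boot_override(cmdline)}


if __name__ == "__main__":
    if SYSFS.exists():
        cmd = CMDLINE.read_text() if CMDLINE.exists() else ""
        print(report(SYSFS.read_text(), cmd))
    else:
        # Constructed sample line, used when the sysfs file is absent.
        print(report("Mitigation: Speculative Store Bypass disabled via prctl"))
```

An `opt_in` result matches the default-off posture the vendors describe: the performance cost is paid only by processes that ask for the mitigation.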