New Variant of Spectre Security Flaw Discovered: Speculative Buffer Overflows

In their paper, the two security researchers explain the attacks and defences for the new Spectre variant they discovered, which they call Spectre1.1 (CVE-2018-3693). It is a new variant of the first Spectre security vulnerability, which was unearthed earlier this year and later found to have multiple other variants. The new Spectre flaw leverages speculative stores to create speculative buffer overflows, similar to the classic buffer overflow security flaws. The new Spectre vulnerability is also known as “Bounds Check Bypass Store” or BCBS to distinguish it from the original speculative execution attack.
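To make the "bounds check bypass store" pattern concrete, the following added example (not taken from the paper or from this article) shows a branch-guarded store beside a form hardened with index masking, a widely used software hardening for bounds-check bypass. The names `buf`, `BUF_LEN`, `store_checked`, `store_masked` and `index_mask` are hypothetical, and the page does not say which defences the paper itself proposes.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BUF_LEN 16                 /* constructed size for this example */
static uint8_t buf[BUF_LEN];

/* At-risk pattern: only a conditional branch guards the store. On a branch
 * misprediction the CPU may speculatively perform the store with an
 * out-of-bounds idx before the comparison resolves. */
int store_checked(size_t idx, uint8_t val)
{
    if (idx < BUF_LEN) {
        buf[idx] = val;
        return 1;
    }
    return 0;
}

/* Branch-free mask: all ones if idx < size, else zero.
 * Requires 1 <= size <= SIZE_MAX / 2. */
static size_t index_mask(size_t idx, size_t size)
{
    size_t top = (idx | (size - 1 - idx)) >> (sizeof(size_t) * CHAR_BIT - 1);
    size_t mask = (size_t)0 - (top ^ 1);
#if defined(__GNUC__)
    /* Hide the value from the optimizer so the AND below is not folded away. */
    __asm__ volatile("" : "+r"(mask));
#endif
    return mask;
}

/* Hardened form: the index depends on the mask through data flow, so a
 * mis-speculated out-of-bounds idx is forced to 0 and stays inside buf. */
int store_masked(size_t idx, uint8_t val)
{
    if (idx < BUF_LEN) {
        buf[idx & index_mask(idx, BUF_LEN)] = val;
        return 1;
    }
    return 0;
}

int main(void)
{
    printf("in-bounds: %d, out-of-bounds: %d\n",
           store_masked(3, 0xAA), store_masked(BUF_LEN, 0xBB));
    return 0;
}
```

Both functions behave identically architecturally; the difference is only in what a mis-speculated store can reach.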