Security Researchers Find Two New Variants of the Spectre Vulnerability

Dubbed Spectre Variant 3a and Spectre Variant 4, the two security vulnerabilities are identified as Rogue System Register Read (CVE-2018-3640) and Speculative Store Bypass (CVE-2018-3639). Spectre Variant 3a lets a local attacker obtain sensitive information by reading system parameters via side-channel analysis, while Spectre Variant 4 lets unprivileged attackers read older memory values from memory or the CPU stack. According to the security researchers who found the two vulnerabilities, the implementation of the Spectre Variant 4 side-channel vulnerability is complex, but it could let attackers using less-privileged code exploit the “speculative bypass” and either read arbitrary privileged data or execute older commands speculatively. This may result in cache allocations that could let them exfiltrate data if they use standard side-channel methods.