Back in the start of 2018, Meltdown and Spectre CPU flaw affected most of the CPUs including Intel, ARM, and others. Months after the detection, Google's Project Zero’s (GPZ) and Microsoft have discovered another new form of Spectre-Meltdown CPU flaw; Speculative Store Bypass (variant 4). The latest vulnerability is similar to Spectre and exploits speculative execution that modern CPUs use. However, Intel claims that they have not seen any reports of this method being used in real-world exploits so far. Browsers like Safari, Edge, and Chrome were all patched for Meltdown earlier this year, and according to Intel, these mitigations are also applicable to variant 4 and available for consumers to use today. Similar to Spectre, the new Variant 4 will also affect performance upon fixing it with firmware updates. Intel says that it has already delivered the microcode update for Variant 4 in beta to OEMs and system software vendors, and the broad reach is expected to be available in the coming weeks. This update would set the Speculative Store Bypass protection to off-by-default, so users won't notice any performance impacts. However, if enabled, a noticeable performance impact of approximately 2 to 8% is seen based on overall scores for benchmarks like SYSmark 2014 SE and SPEC integer rate on client and server test ...
Tuesday 22 May 2018
Google and Microsoft disclose new Variant 4 Meltdown, Spectre CPU flaw
Back in the start of 2018, Meltdown and Spectre CPU flaw affected most of the CPUs including Intel, ARM, and others. Months after the detection, Google's Project Zero’s (GPZ) and Microsoft have discovered another new form of Spectre-Meltdown CPU flaw; Speculative Store Bypass (variant 4). The latest vulnerability is similar to Spectre and exploits speculative execution that modern CPUs use. However, Intel claims that they have not seen any reports of this method being used in real-world exploits so far. Browsers like Safari, Edge, and Chrome were all patched for Meltdown earlier this year, and according to Intel, these mitigations are also applicable to variant 4 and available for consumers to use today. Similar to Spectre, the new Variant 4 will also affect performance upon fixing it with firmware updates. Intel says that it has already delivered the microcode update for Variant 4 in beta to OEMs and system software vendors, and the broad reach is expected to be available in the coming weeks. This update would set the Speculative Store Bypass protection to off-by-default, so users won't notice any performance impacts. However, if enabled, a noticeable performance impact of approximately 2 to 8% is seen based on overall scores for benchmarks like SYSmark 2014 SE and SPEC integer rate on client and server test ...
