Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon

Seven new Spectre and Meltdown attacks found

Save for later
  • 3 min read
  • 15 Nov 2018

article-image

A group of researchers recently disclosed seven additional attacks in the Spectre and Meltdown families. These seven attacks are said to impact the AMD, ARM, and the Intel CPUs to a certain extent. The researchers have presented an execution of these attacks in detail, in their research paper titled, ‘A Systematic Evaluation of Transient Execution Attacks and Defenses’.

2 Meltdown and 5 Spectre variants found


The 7 newly found attacks include 2 new Meltdown variants namely, Meltdown-PK, and Meltdown-BR. It also includes 5 new Spectre mistraining strategies for Spectre-PHT and SpectreBTB attacks. The researchers said that these 7 new attacks have been overlooked and not been investigated so far.

The researchers successfully demonstrated all seven attacks with proof-of-concept code. However, experiments to confirm six other Meltdown-attacks did not succeed.

The two new Meltdown attacks include:

Meltdown-PK - bypasses memory protection keys on Intel CPUs

Meltdown-BR - exploits an x86 bound instruction on Intel and AMD

The other Meltdown attacks  which the researchers tried and failed to exploit targeted the following internal CPU operations:

Meltdown-AC - tried to exploit memory alignment check exceptions

Meltdown-DE - tried to exploit division (by zero) errors

Meltdown-SM - tried to exploit the supervisor mode access prevention (SMAP) mechanism

Meltdown-SS - tried to exploit out-of-limit segment accesses

Meltdown-UD - tried to exploit invalid opcode exception

Meltdown-XD - tried to exploit non-executable memory

seven-new-spectre-and-meltdown-attacks-found-img-0Source: A Systematic Evaluation of Transient Execution Attacks and Defenses


In order to understand the Spectre-type attacks, the researchers proposed a categorization based on, first, the prediction mechanism exploited, and second, the mistraining mechanism.

Here researchers propose to combine all attacks that exploit the same microarchitectural element:

  • Spectre-PHT: Exploits the Pattern History Table (PHT)
  • Spectre-BTB: Exploits the Branch Target Buffer (BTB)
  • Spectre-STL: Exploits the CPUs memory disambiguation prediction, specifically store-to-load forwarding (STLF)
  • Spectre-RSB: Exploits the Return Stack Buffer (RSB)


According to ZDNet, “Based on the experiments, the researchers found three new Spectre attacks that exploit the Pattern History Table (PHT) mechanism and two new Spectre attacks against the Branch Target Buffer (BTB).

  • PHT-CA-OP
  • PHT-CA-IP
  • PHT-SA-OP
  • Unlock access to the largest independent learning library in Tech for FREE!
    Get unlimited access to 7500+ expert-authored eBooks and video courses covering every tech area you can think of.
    Renews at $19.99/month. Cancel anytime
  • BTB-SA-IP
  • BTB-SA-OP

Defenses for these new Spectre and Meltdown attacks


For each of the Spectre and Meltdown attack types, the researchers have categorized the defenses into three and two categories respectively.

For Spectre-type attacks, the defense categories are:

  • Mitigating or reducing the accuracy of covert channels used to extract the secret data.
  • Mitigating or aborting speculation if data is potentially accessible during transient execution.
  • Ensuring that secret data cannot be reached.


For Meltdown-type attacks, the defense categories are:

  • Ensuring that architecturally inaccessible data remains inaccessible on the microarchitectural level.
  • Preventing the occurrence of faults.


The researchers in the paper said, “We have systematically evaluated all defenses, discovering that some transient execution attacks are not successfully mitigated by the rolled out patches and others are not mitigated because they have been overlooked. Hence, we need to think about future defenses carefully and plan to mitigate attacks and variants that are yet unknown”.

To know more about these newly found attacks in detail and the related experiments, head over to the research paper written by Claudio Canella et al.

Intel announces 9th Gen Core CPUs with Spectre and Meltdown Hardware Protection amongst other upgrades

NetSpectre attack exploits data from CPU memory

SpectreRSB targets CPU return stack buffer, found on Intel, AMD, and ARM chipsets