Original release date: May 21, 2018
CPU hardware implementations
On May 21, 2018, new variants of the speculative-execution side-channel central processing unit (CPU) hardware vulnerability, known as Spectre Variant 3a and Variant 4, were publicly disclosed. These variants can allow an attacker to obtain access to sensitive information on affected systems.
CPU hardware implementations, known as Spectre and Meltdown, are vulnerable to side-channel attacks that abuse speculative execution. Meltdown is a bug that “melts” the security boundaries normally enforced by the hardware, allowing unprivileged code to read kernel memory; it affects desktops, laptops, and cloud computers. Spectre is a flaw that an attacker can exploit to make a CPU speculatively execute instructions that leak data through a microarchitectural side channel, such as the cache.
Spectre Variant 3a is a vulnerability that may allow an attacker with local access to speculatively read privileged system registers, recovering their contents (system parameters that would otherwise be inaccessible) via side-channel analysis.
Spectre Variant 4 is a vulnerability that exploits “speculative store bypass”: the CPU may speculatively execute a load before an older store to the same address has completed, so the load operates on the stale value rather than the one just written. When exploited, Variant 4 could allow an attacker to read older memory values in a CPU’s stack or other memory locations. While exploitation is complex, this side-channel vulnerability could allow less privileged code to
- Read arbitrary privileged data; and
- Speculatively execute older instructions on stale values, resulting in cache allocations that can be used to exfiltrate data by standard side-channel methods.
Corresponding CVEs for Side-Channel Variants 1, 2, 3, 3a, and 4 are found below:
- Variant 1: Bounds Check Bypass – CVE-2017-5753
- Variant 2: Branch Target Injection – CVE-2017-5715
- Variant 3: Rogue Data Cache Load – CVE-2017-5754
- Variant 3a: Rogue System Register Read – CVE-2018-3640
- Variant 4: Speculative Store Bypass – CVE-2018-3639
Side-Channel Vulnerability Variants 3a and 4 may allow an attacker to obtain access to sensitive information on affected systems.
NCCIC recommends that users and administrators:
- Refer to their hardware and software vendors for patches or microcode updates.
- Use a test environment to verify each patch before deploying it.
- Monitor the performance of critical applications and services after patching.
- Consult with vendors and service providers to mitigate any performance degradation, if possible.
- Consult with cloud service providers to mitigate and resolve any impacts resulting from host operating system patching and mandatory rebooting, if applicable.
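The recommendations above assume an administrator can tell whether the vendor patches and microcode actually took effect. The following script is an added example written for this page (it is not NCCIC, Intel, or kernel code) showing one way to check that on Linux: it reads the per-variant status the kernel publishes under /sys/devices/system/cpu/vulnerabilities and asks the kernel, via prctl(2), how the Speculative Store Bypass mitigation applies to the current process. The sysfs path, file names, and the prctl constants are the real Linux interfaces (the spec_store_bypass entry and PR_GET_SPECULATION_CTRL arrived with the Variant 4 fixes in kernel 4.17 and were backported to vendor kernels); Variant 3a has no sysfs entry because its fix is delivered in microcode alone. The function names and the status strings in SAMPLE_SYSFS are this example's own constructions, used so the classification can be exercised offline.

```python
"""Report Linux kernel mitigation status for the Spectre/Meltdown variants (added example)."""
import ctypes
import sys
from pathlib import Path

# Real kernel interface: one file per vulnerability, each added to sysfs together
# with the corresponding mitigation (spec_store_bypass appeared in Linux 4.17).
SYSFS_VULN_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# Variant 3a (CVE-2018-3640) is fixed in microcode alone and has no sysfs entry.
VARIANT_FILES = {
    "Variant 1 (CVE-2017-5753)": "spectre_v1",
    "Variant 2 (CVE-2017-5715)": "spectre_v2",
    "Variant 3 (CVE-2017-5754)": "meltdown",
    "Variant 4 (CVE-2018-3639)": "spec_store_bypass",
}

# Constructed sample in the kernel's reporting style, used when the script runs
# somewhere without sysfs (e.g. offline testing). Not captured from a real host.
SAMPLE_SYSFS = {
    "spectre_v1": "Mitigation: __user pointer sanitization",
    "spectre_v2": "Mitigation: Full generic retpoline, IBPB, IBRS_FW",
    "meltdown": "Mitigation: PTI",
    "spec_store_bypass": "Mitigation: Speculative Store Bypass disabled via prctl and seccomp",
}


def classify(status):
    """Map a sysfs status line to a coarse verdict.

    A spec_store_bypass line containing 'via prctl' means SSBD is applied only to
    processes that opt in (browsers and JITs via prctl or seccomp), so it is
    reported separately from an unconditional mitigation.
    """
    s = status.strip()
    if s == "Not affected":
        return "not_affected"
    if s.startswith("Mitigation:"):
        return "mitigated_opt_in" if "via prctl" in s else "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def classify_all(statuses):
    """Classify an in-memory {sysfs_name: text} mapping; a variant with no entry is
    'missing', which on a live host means the kernel predates that mitigation."""
    return {label: (classify(statuses[f]), statuses[f]) if f in statuses else ("missing", "")
            for label, f in VARIANT_FILES.items()}


def read_sysfs(vuln_dir=SYSFS_VULN_DIR):
    """Collect the kernel's status files into the same shape classify_all expects."""
    found = {}
    for fname in VARIANT_FILES.values():
        path = Path(vuln_dir) / fname
        if path.is_file():
            found[fname] = path.read_text().strip()
    return classify_all(found)


def needs_action(results):
    """Variants whose state calls for patching or vendor follow-up."""
    return sorted(label for label, (verdict, _) in results.items()
                  if verdict in ("vulnerable", "missing", "unknown"))


# prctl(2) speculation control, Linux 4.17+ (include/uapi/linux/prctl.h).
PR_GET_SPECULATION_CTRL = 52
PR_SPEC_STORE_BYPASS = 0
PR_SPEC_FLAGS = {1: "PRCTL", 2: "ENABLE", 4: "DISABLE", 8: "FORCE_DISABLE", 16: "DISABLE_NOEXEC"}


def decode_spec_ctrl(value):
    """Decode the PR_GET_SPECULATION_CTRL return value into flag names."""
    if value < 0:
        return "unsupported"        # kernel returned an error (EINVAL/ENODEV)
    if value == 0:
        return "NOT_AFFECTED"
    return "|".join(name for bit, name in sorted(PR_SPEC_FLAGS.items()) if value & bit)


def query_ssb_prctl():
    """Ask the kernel how SSB mitigation applies to this process; -1 if unavailable."""
    try:
        libc = ctypes.CDLL(None, use_errno=True)
        return libc.prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0)
    except (OSError, AttributeError):
        return -1


def main():
    results = read_sysfs() if SYSFS_VULN_DIR.is_dir() else classify_all(SAMPLE_SYSFS)
    for label, (verdict, raw) in results.items():
        print(f"{label:<28} {verdict:<17} {raw}")
    print("SSB prctl state for this process:", decode_spec_ctrl(query_ssb_prctl()))
    todo = needs_action(results)
    print("ACTION NEEDED:" if todo else "OK:", ", ".join(todo) or "all variants reported mitigated")
    return 1 if todo else 0


if __name__ == "__main__":
    sys.exit(main())
```

Two caveats worth keeping in mind when reading the output: a "Mitigation: ... via prctl" line for Variant 4 means the host is capable of SSBD but only opted-in processes get it, so sandboxing software that runs untrusted code (browsers, JIT runtimes) must request it; and a missing status file is itself a finding, because it usually means the running kernel predates the fix even if the microcode package has been installed.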
- Google Project Zero Blog
- Bounds Check Bypass – CVE-2017-5753
- Branch Target Injection – CVE-2017-5715
- Rogue Data Cache Load – CVE-2017-5754
- Rogue System Register Read – CVE-2018-3640
- Speculative Store Bypass – CVE-2018-3639
- TA18-004A – Meltdown and Spectre Side-Channel Vulnerability Guidance
- May 21, 2018: Initial version