One Spectre/Meltdown flaw for Every Day of the Week
A team of researchers has found seven new Spectre/Meltdown flaws. In a paper, the researchers wrote: we present a sound and extensible systematization of transient execution attacks. Our systematization uncovers 7 (new) transient execution attacks that have been overlooked and not been investigated so far.
These flaws include two new Meltdown variants: Meltdown-PK on Intel, and Meltdown-BR on Intel and AMD. The rest of the five flaws were related to Spectre.
“We evaluate all 7 attacks in proof-of-concept implementations on 3 major processor vendors (Intel, AMD, ARM),” said the paper, “Through this systematic evaluation, we discover that we can still mount transient execution attacks that are supposed to be mitigated by rolled out patches.”
The team also suggested mitigation possibilities. “Transient execution attacks use a covert channel to transfer the microarchitectural state change induced by the transient instruction sequence such that it can be observed on an architectural level. One approach in mitigating Spectre-type attacks is to reduce the accuracy,” said the paper.
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.