Here we go again: Spectre 1.1 and 1.2 vulnerabilities discovered


by Martin Brinkmann on July 11, 2018 in Security – 8 comments

Anyone still keeping track of all the Spectre-based vulnerabilities that were revealed to the public in 2018?

We published numerous articles on the topic already, and there is certainly some fatigue involved when it comes to the class of vulnerabilities.

Check out these resources for an overview if you have not already:

  • Check Linux for Spectre or Meltdown vulnerability
  • Find out if your browser is vulnerable to Spectre attacks
  • Find out if your Windows PC is affected by Meltdown/Spectre vulnerabilities
  • Gibson releases InSpectre vulnerability and performance checker
  • Here comes the next Spectre vulnerability (Spectre V4 CPU)
  • Protect Windows against Speculative Store Bypass exploits
  • Spectre Next Generation vulnerabilities affect Intel processors

Two security researchers, Vladimir Kiriansky and Carl Waldspurger, published information about two new Spectre-class vulnerabilities which they named Spectre 1.1 and 1.2.


Intel and ARM have released statements already in which the companies confirm that the new Spectre variants affect company CPUs. AMD has not released a statement yet but it is likely that Spectre 1.1 and 1.2 affect AMD processors as well.

Microsoft, Oracle, and Red Hat revealed that they are looking into the new vulnerabilities to determine ways to mitigate them.

Spectre 1.1 “leverages speculative stores to create speculative buffer overflows”.

Much like classic buffer overflows, speculative out-of-bounds stores can modify data and code pointers. Data-value attacks can bypass some Spectre-v1 mitigations, either directly or by redirecting control flow. Control-flow attacks enable arbitrary speculative code execution, which can bypass fence instructions and all other software mitigations for previous speculative-execution attacks. It is easy to construct return-oriented-programming (ROP) gadgets that can be used to build alternative attack payloads.

Spectre 1.2 works on processors that don’t “enforce read/write protections” so that “speculative stores can overwrite read-only data and code pointers to breach sandboxes”.
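To make the Spectre 1.1 pattern concrete, here is an added example that is not from the article or from the researchers' paper: a bounds-checked store of the kind the vulnerability targets, next to a hardened version that clamps the index without a branch (modelled on the Linux kernel's `array_index_nospec()` idea). Architecturally both functions behave the same; the difference is that in the hardened version even a store executed under a mispredicted bounds check cannot land outside the buffer. `BUF_LEN`, `store_checked`, `store_hardened`, `clamp_index` and `read_buf` are names chosen for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed example: a small fixed-size buffer guarded by a bounds check. */
#define BUF_LEN 16
static uint8_t buf[BUF_LEN];

/* Spectre 1.1 pattern: correct at the architectural level, but while the
 * branch predictor is wrong the CPU may execute the store speculatively
 * with idx >= BUF_LEN, writing (transiently) past the end of buf. */
int store_checked(size_t idx, uint8_t value) {
    if (idx < BUF_LEN) {
        buf[idx] = value;
        return 1;
    }
    return 0;
}

/* Branchless clamp: returns idx when idx < len and 0 otherwise, computed
 * purely with integer arithmetic so there is no second branch to mispredict.
 * idx | (len - 1 - idx) has its top bit set exactly when idx is out of range
 * (either idx itself is huge, or len - 1 - idx wrapped around). */
size_t clamp_index(size_t idx, size_t len) {
    size_t t = idx | (len - 1 - idx);
    size_t out_of_range = t >> (sizeof(size_t) * 8 - 1);  /* 1 if idx >= len */
    size_t mask = out_of_range - 1;                       /* all ones if in range, else 0 */
    return idx & mask;
}

/* Hardened store: the index used for the write is clamped, so a
 * speculatively executed store stays inside buf even if the check above
 * it was mispredicted. (A real deployment also needs to stop the compiler
 * from turning the clamp back into a branch, e.g. with an asm barrier, or
 * use an lfence after the check instead.) */
int store_hardened(size_t idx, uint8_t value) {
    if (idx < BUF_LEN) {
        buf[clamp_index(idx, BUF_LEN)] = value;
        return 1;
    }
    return 0;
}

/* Accessor used to observe the architectural result of the stores. */
uint8_t read_buf(size_t i) {
    return buf[i];
}
```

Functionally the two store routines are indistinguishable, which is the point: Spectre 1.1 is about what happens transiently before the bounds check retires, and the clamp bounds that transient write without changing the program's visible behaviour.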

Both vulnerabilities require that attacker-controlled code is executed on the vulnerable system. While that certainly reduces the chance of exploitation, it is fair to say that the two new vulnerabilities add to the long list of Spectre-class vulnerabilities revealed in 2018.

There is little that users or system administrators can do about these issues. Patches and updates can be installed when they become available, but it seems likely that the cat-and-mouse game won’t end until new processor families that don’t have these flaws in the first place are widely adopted.

The researchers suggested three hardware-based mitigations for Spectre 1.1 and one hardware-based mitigation for Spectre 1.2 attacks.

The only thing that most users can do right now is to run proper security protections on their devices, so that malicious code cannot be executed on a machine where one of the Spectre vulnerabilities has not been patched yet.

Bleeping Computer has published a handy table listing all Spectre and Meltdown variants. Windows users and admins may want to check Security Advisory 180002 which Microsoft updates regularly.