New variant of specter will cause performance loss

We continue to talk about the Meltdown and Specter vulnerabilities, as several companies, including Microsoft, Google, AMD, ARM, Intel and Red Hat, have jointly revealed details about a new Specter variant 4, which will need mitigations that will lead to loss of performance..

A new variant of Specter is discovered

The US-CERT has detailed information on two new Specter variants, specifically 3A and 4. The first was originally documented by ARM in January, and allows attackers with local access to a machine to use lateral channel analysis, and to read confidential information and other system parameters.

We recommend reading our post on Intel that talks about Specter and Meltdown, in addition to their processes at 14 nm and 10 nm

As for variant 4 it has been labeled "Speculative Store Bypass", and allows those with malicious intent to read past system values on a CPU stack, or other memory locations. If an attack is successful, the attacker will be able to arbitrarily read privileged data, and speculatively execute previous system commands.

Intel says it has offered microcode upgrades for variants 3A and 4 in beta form to equipment manufacturers, and that customers should expect a 2-8% performance loss. This new update is expected to roll out in the coming weeks.

On the other hand, Microsoft says it has not yet determined a vulnerable code pattern in its products, however it will investigate further and release updates if necessary. The companies are now working together in a more coordinated way, to jointly disclose the vulnerabilities and release mitigations for customers, particularly after all the problems experienced in January.

As for AMD, it is mentioned that its processors are not vulnerable to variant 3A, but nothing is said about variant 4.

Neowin font