Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Tuesday May 08 2018, @04:42PM   Printer-friendly
from the doom-and-gloom dept.

Heise.de reports that eight new security flaws have been reported to Intel by several teams of researchers:

All eight are essentially caused by the same design problem – you could say that they are Spectre Next Generation.

... Each of the eight vulnerabilities has its own number in the Common Vulnerability Enumerator (CVE) directory and each requires its own patches. It is likely that each vulnerability will receive its own name. Until then, we will jointly call these flaws Spectre-NG in order to distinguish them from the previously uncovered issues.

So far we only have concrete information on Intel's processors and their plans for patches. However, there is initial evidence that at least some ARM CPUs are also vulnerable. Further research is already underway on whether the closely related AMD processor architecture is also susceptible to the individual Spectre-NG gaps, and to what extent.

...Intel itself classifies four of the Spectre-NG vulnerabilities as "high risk"; the remaining four are rated as "medium". According to our own research, risks and attack scenarios at Spectre-NG are similar to those at Spectre – with one exception.

One of the Spectre-NG flaws simplifies attacks across system boundaries to such an extent that we estimate the threat potential to be significantly higher than with Spectre. Specifically, an attacker could launch exploit code in a virtual machine (VM) and attack the host system from there – the server of a cloud hoster, for example. Alternatively, it could attack the VMs of other customers running on the same server.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Tuesday May 08 2018, @05:21PM (1 child)

    by Anonymous Coward on Tuesday May 08 2018, @05:21PM (#677100)

    So the specter of Spectre continues. I haven't heard much out of Intel regarding new chips in the pipeline addressing these issues by redesigning the problem areas rather than patches (on top of patches). Is Intel just going to try to increase clockspeeds to mitigate the performance penalties caused by the patches?

  • (Score: 1, Informative) by Anonymous Coward on Tuesday May 08 2018, @05:52PM

    by Anonymous Coward on Tuesday May 08 2018, @05:52PM (#677111)

    Aren't the recent vulnerabilities in the very core of Intel's CPU architecture? It will presumably take them a few years of research to develop something completely new (and still compatible with x86/x64).