Heise.de reports that eight new security flaws have been reported to Intel by several teams of researchers:
All eight are essentially caused by the same design problem – you could say that they are Spectre Next Generation.
... Each of the eight vulnerabilities has its own number in the Common Vulnerability Enumerator (CVE) directory and each requires its own patches. It is likely that each vulnerability will receive its own name. Until then, we will jointly call these flaws Spectre-NG in order to distinguish them from the previously uncovered issues.
So far we only have concrete information on Intel's processors and their plans for patches. However, there is initial evidence that at least some ARM CPUs are also vulnerable. Further research is already underway on whether the closely related AMD processor architecture is also susceptible to the individual Spectre-NG gaps, and to what extent.
...Intel itself classifies four of the Spectre-NG vulnerabilities as "high risk"; the remaining four are rated as "medium". According to our own research, risks and attack scenarios at Spectre-NG are similar to those at Spectre – with one exception.
One of the Spectre-NG flaws simplifies attacks across system boundaries to such an extent that we estimate the threat potential to be significantly higher than with Spectre. Specifically, an attacker could launch exploit code in a virtual machine (VM) and attack the host system from there – the server of a cloud hoster, for example. Alternatively, it could attack the VMs of other customers running on the same server.
(Score: 2) by martyb on Wednesday May 09 2018, @03:28AM
All of your suggestions sound good. The devil is in the details.
Take, for example, "ECC/error correction for memory needs to be modified so that sufficient checking is available for *ALL POSSIBLE ERROR CONDITIONS*".
In the beginning, there was just memory. But, an occasional bit flip could take down a system. So, parity was introduced to detect when a bit flipped. That added cost, but provided some degree of protection. In other cases, it was found preferable to have Single Error Correction with Double Error Detection (SEC-DED).
But, ECC comes at a price [wikipedia.org]
So far, the market has spoken that good enough® is good enough – that fully protected memory is not worth the cost.
Wit is intellect, dancing.
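The parity versus SEC-DED distinction drawn in the comment above, as an added example that is not part of the original post: an extended Hamming (8,4) code, the smallest SEC-DED scheme, showing one flip corrected, two flips detected, and three flips silently miscorrected. The function names and the 4-bit sample value are assumptions made for illustration; real ECC memory uses wider codes built on the same principle.

```python
# Added illustration (not from the original post): extended Hamming (8,4),
# the smallest SEC-DED code. Function names are hypothetical.

def parity(bits):
    """XOR of all bits: 0 when the count of 1s is even."""
    p = 0
    for b in bits:
        p ^= b
    return p

def encode(nibble):
    """4 data bits -> 8-bit codeword. Indexes 1..7 form Hamming(7,4);
    index 0 is an overall parity bit that adds double-error detection."""
    w = [0] * 8
    w[3], w[5], w[6], w[7] = [(nibble >> i) & 1 for i in range(4)]
    w[1] = w[3] ^ w[5] ^ w[7]
    w[2] = w[3] ^ w[6] ^ w[7]
    w[4] = w[5] ^ w[6] ^ w[7]
    w[0] = parity(w[1:])
    return w

def decode(word):
    """Return (status, nibble); status is 'ok', 'corrected' or 'uncorrectable'."""
    w = list(word)
    syndrome = 0
    for pos in range(1, 8):
        if w[pos]:
            syndrome ^= pos           # XOR of set positions; 0 for a valid word
    odd = parity(w)                   # 1 when an odd number of bits flipped
    if syndrome and not odd:
        return "uncorrectable", None  # even flip count, nonzero syndrome: 2 errors
    status = "ok"
    if odd:
        w[syndrome] ^= 1              # assumes ONE flip; syndrome 0 = parity bit itself
        status = "corrected"
    return status, w[3] | (w[5] << 1) | (w[6] << 2) | (w[7] << 3)

def flip(word, *positions):
    """Copy of word with the given bit positions inverted (constructed faults)."""
    w = list(word)
    for p in positions:
        w[p] ^= 1
    return w

if __name__ == "__main__":
    cw = encode(0b1010)                   # constructed sample data
    print(decode(cw))                     # no fault
    print(decode(flip(cw, 5)))            # one flip: repaired
    print(decode(flip(cw, 2, 6)))         # two flips: detected, not repaired
    print(decode(flip(cw, 3, 5, 6)))      # three flips: reported as corrected, data wrong
    print(parity(flip(cw, 2, 6)) == 0)    # a lone parity bit misses two flips
```

The three-flip case is the one that matters for the "all possible error conditions" point: the decoder reports success while returning the wrong data, and closing that gap takes more check bits per word.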