Two security researchers have revealed details about two new Spectre-class vulnerabilities, which they’ve named Spectre 1.1 and Spectre 1.2.
Just like all the previous Meltdown and Spectre CPU bugs variations, these two take advantage of the process of speculative execution— a feature found in all modern CPUs that has the role of improving performance by computing operations in advance and later discarding unneeded data.
Spectre 1.1 and Spectre 1.2 short description
According to researchers, a Spectre 1.1 attack uses speculative execution to deliver code that overflows CPU store cache buffers in order to write and run malicious code that retrieves data from previously-secured CPU memory sections.
Spectre 1.1 is very similar to the Spectre variant 1 and 4, but the two researchers who discovered the bug say that “currently, no effective static analysis or compiler instrumentation is available to generically detect or mitigate Spectre 1.1.”
As for Spectre 1.2, researchers say this bug can be exploited to write to CPU memory sectors that are normally protected by read-only flags.
“As a result [of malicious Spectre 1.2 writes], sandboxing that depends on hardware enforcement of read-only memory is rendered ineffective,” researchers say.
To exploit, similarly to most previous Meltdown and Spectre bugs, both vulnerabilities require the presence of malicious code on a user’s PC, code responsible for running the attack. This somewhat limits the bug’s severity, but doesn’t excuse sysadmins who fail to apply patches when they’ll become available.