Linked by Thom Holwerda on Mon 21st May 2018 22:52 UTC
Bugs & Viruses

Microsoft and Google are jointly disclosing a new CPU security vulnerability that's similar to the Meltdown and Spectre flaws that were revealed earlier this year. Labelled Speculative Store Bypass (variant 4), the latest vulnerability is a similar exploit to Spectre and exploits speculative execution "that modern CPUs use. Browsers like Safari, Edge, and Chrome were all patched for Meltdown earlier this year, and Intel says these mitigations are also applicable to variant 4 and available for consumers to use today."

However, unlike Meltdown (and more similar to Spectre) this new vulnerability will also include firmware updates for CPUs that could affect performance. Intel has already delivered microcode updates for Speculative Store Bypass in beta form to OEMs, and the company expects them to be more broadly available in the coming weeks. The firmware updates will set the Speculative Store Bypass protection to off-by-default, ensuring that most people won’t see negative performance impacts.

This cat ain't going back in no bag anytime soon.

Permalink for comment 657185
To read all comments associated with this story, please click here.
RE[3]: Backwards evolution
by bhtooefr on Wed 23rd May 2018 07:51 UTC in reply to "RE[2]: Backwards evolution"
Member since:

Ultimately, I'd argue that reserving some cache for speculative execution is necessary - basically, enough extra cache to unwind all speculative actions.

(So, a speculative action could bring cache lines in, but they'd be flagged as speculative and old cache lines not evicted, until the speculative action is committed, at which point the old cache lines would be evicted and the flag cleared. If the speculative action is cancelled, the new cache lines would instead be evicted.)

Reply Parent Score: 2