[blfs-support] Speculative Store Bypass

Michael Shell list1 at michaelshell.org
Mon Jun 4 14:54:14 PDT 2018



FWIW, when searching for more info on the SSB vulnerability, I found this:

https://www.tomshardware.com/news/researchers-discover-speculative-store-bypass-attack,37092.html


Tis some really bad news:

 "But the hope remained that the manufacturers could solve the problem with
  a few security updates. As it turns out, we can bury that hope. A total
  of eight new security flaws in Intel CPUs have already been reported to
  the manufacturer by several teams of researchers. For now, details on the
  flaws are being kept secret. All eight are essentially caused by the same
  design problem - you could say that they are Spectre Next Generation.
  ..
  One of the Spectre-NG flaws simplifies attacks across system boundaries
  to such an extent that we estimate the threat potential to be significantly
  higher than with Spectre. Specifically, an attacker could launch exploit
  code in a virtual machine (VM) and attack the host system from there - the
  server of a cloud hoster, for example. 
  ..
  Overall, the Spectre-NG gaps show that Spectre and Meltdown were not a
  one-off slip-up. It is not just a simple gap that could be plugged with a
  few patches. Rather, it seems that for each fixed issue, two others crop
  up. "



  Mike Shell


More information about the blfs-support mailing list