Another Spectre-Like CPU Vulnerability
Google and Microsoft researchers have disclosed another Spectre-like CPU side-channel vulnerability, called “Speculative Store Bypass.” Like the others, the fix will slow the CPU down.
The German tech site Heise reports that more are coming.
I’m not surprised. Writing about Spectre and Meltdown in January, I predicted that we’ll be seeing a lot more of these sorts of vulnerabilities.
Spectre and Meltdown are pretty catastrophic vulnerabilities, but they only affect the confidentiality of data. Now that they—and the research into the Intel ME vulnerability—have shown researchers where to look, more is coming—and what they’ll find will be worse than either Spectre or Meltdown.
I still predict that we’ll be seeing lots more of these in the coming months and years, as we learn more about this class of vulnerabilities.
Lisa • May 22, 2018 10:45 AM
The question is, when if ever will it be possible to purchase x64 processors for PCs, which do not have any pipelining, speculative execution, or lack of cache & stack isolation?
Some of us would be willing to accept a significant slowdown in CPU performance in exchange for better security.
Intel typically prevents users to even install microcode patches directly from them, forcing users to go through their OEM vendors which do not all make those patches available.
Worse yet, we may be 1-2 years away before Intel starts to releases hardware fixes, in its Ice Lake and newer lines.