Intel has been dealing with the Spectre and Meltdown with multiple release firmware updates and patched to deal with the the side-channel attacks. At the same time security researchers have discovered another side-channel vulnerability, which is detailed under CVE-2018-3693.
It is one of a dozen new CVEs published by Intel. Researchers Vladimir Kiriansky and Carl Waldspurger discovered the flaw (PDF) and are being rewarded $100,000 for their efforts, as part of Intel’s bug bounty program.
“On January 3, 2018, a team of security researchers disclosed several software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from many types of computing devices with many different vendors’ processors and operating systems. On Jul 10, 2018, additional research disclosed related variations of these methods…Intel would like to thank Vladimir Kiriansky (MIT) and Carl Waldspurger (Carl Waldspurger Consulting) for reporting and for working with the industry on coordinated disclosure,” Intel stated in its disclosure.
The researchers actually discovered two minor variants that are similar to Spectre Variant 1, which they have dubbed Spectre 1.1 and Spectre 1.2. However, it’s the bigger of the two, a “bounds check bypass store” (BCBS), that was the source of the hefty bug bounty. It essentially allows for malicious code already running on an Intel system to access passwords, encryption keys, and other sensitive information from data stored in memory that is typically inaccessible.
“As we continue working with industry researchers, partners and academia to protect customers against evolving security threats, we are streamlining security updates and guidance for our industry partners and customers when possible. With this in mind, today we are providing mitigation details for a number of potential issues, including a new sub-variant of variant 1 called Bounds Check Bypass Store, for which mitigations or developer guidance have been released. More information can be found on our product security page. Protecting our customers’ data and ensuring the security of our products is a top priority for Intel.”
To deal with these new exploits and other similar ones that will inevitably arise, Intel is moving to a quarterly release cadence for its security updates rather than random releases for these types of mitigations. It’s similar to Microsoft’s monthly Patch Tuesday schedule, except Intel is targeting every three months instead of every month.
