Researchers discover fresh set of Meltdown and Spectre exploits

Posted on Thursday, February 15 2018 @ 13:39 CET by Thomas De Maesschalck
Researchers from Princeton University and NVIDIA have discovered (PDF) new methods to exploit the Meltdown and Spectre CPU vulnerabilities. No exploit code has been released but the paper describes MeltdownPrime and SpectrePrime techniques that can be used to conduct side-channel timing attacks.

The Register reports that software mitigations for Meltdown and Spectre will likely stop these new exploits, albeit at the cost of lower performance. Unfortunately, it doesn't look like the upcoming hardware-level changes will be enough to get rid of these exploits:
The researchers suggest that while software fixes for the original flaws will also neuter variant attacks, hardware changes may not be adequate.

"Given our observations with mfence and lfence successfully mitigating Spectre and SpectrePrime in our experiments, we believe that any software techniques that mitigate Meltdown and Spectre will also be sufficient to mitigate MeltdownPrime and SpectrePrime," the paper concluded. "On the other hand, we believe that microarchitectural mitigation of our Prime variants will require new considerations."

In related news, Intel announced an extension of its bug hunting program. The chip giant is now awarding bounties of up to $250,000 for side-channel vulnerabilities. Awards for other areas range up to $100,000.

