Eight new vulnerabilities discovered in Intel CPUs

Once the floodgates are open the water just keeps coming. With the discovery of Meltdown and Spectre vulnerabilities, it was to be expected that more would follow. CTS Labs recently disclosed some less serious vulnerabilities in AMD's Ryzen/EPYC processors and now there's another set of bugs in Intel's processors.

German IT publication c't reports researchers discovered eight new security holes in Intel processors. All of them are caused by the same design problem, and perhaps Spectre Next Generation would be an apt name. Four of the vulnerabilities are classified as high-risk, and at least one of them is significantly more dangerous than Spectre:

One of the Spectre-NG flaws simplifies attacks across system boundaries to such an extent that we estimate the threat potential to be significantly higher than with Spectre. Specifically, an attacker could launch exploit code in a virtual machine (VM) and attack the host system from there – the server of a cloud hoster, for example. Alternatively, it could attack the VMs of other customers running on the same server. Passwords and secret keys for secure data transmission are highly sought-after targets on cloud systems and are acutely endangered by this gap. Intel's Software Guard Extensions (SGX), which are designed to protect sensitive data on cloud servers, are also not Spectre-safe.

Additionally, there's some evidence that ARM processors may be vulnerable too, but nothing concrete yet on that front. As c't points out, the main problem is that little consideration was given the security over the past couple of decades. Performance was always the most important focus in processor development, so this is likely just the beginning of a new era.