CATEGORIES
home News

Researchers Develop All New Exploits For Meltdown And Spectre Processor Vulnerabilities

by Paul LillyThursday, February 15, 2018, 11:47 AM EDT
CPU Bug

Recently discovered vulnerabilities present in practically every processor manufactured in the past two decades have caused quite the headache, for both companies like Intel and AMD, and end users who have to balance software patches with performance penalties. Just when we thought we could exhale (even if just a little bit), security researchers from Princeton University and NVIDIA have found new ways of exploiting Meltdown and Spectre, and upcoming hardware changes might prove futile to these new methods.

The researchers outlined their findings in a paper (PDF) titled "MeldownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols." That's quite the mouthful, and unless you're really into this sort of thing, it's a lot of dry reading. The gist of it, however, is that there are new variants of Meltdown and Spectre that hardware makers will have to take into consideration when designing future processors.

"We believe that microarchitectural mitigation of our Prime variants will require new considerations. Where Meltdown and Spectre arise by polluting the cache during speculation, MeltdownPrime and SpectrePrime are caused by write requests being sent out speculatively in a system that uses an invalidation-based coherence protocol," the researchers stated in their report.

The new methods they discovered are two-core attacks that essentially pit two CPU cores against each other, while leveraging the way memory is accessed in a multi-core setup. It gets pretty technical, but the end result is that exploiting these variants allows an attacker to access leaked memory at the same granularity as the original Meltdown and Spectre exploits, using a side-channel attack.

"Where Meltdown and Spectre arise by polluting the cache during speculation, MeltdownPrime and SpectrePrime are caused by write requests being sent out speculatively in a system that uses an invalidation-based coherence protocol," the paper states.

Fortunately all the hoopla surrounding Spectre and Meltdown have so far not resulted in any real world attacks, at least that anyone is aware of. That is likely to change at some point, however, as security researchers have already developed proof-of-concept exploits.
Tags:  Nvidia, spectre, (nasdaq:nvda), meltdown
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment