When the Spectre and Meltdown vulnerabilities were first discovered, some likely guessed it was only the beginning as more researchers would start investigating out-of-order/speculative execution methods to find more still vulnerabilities. Now we know one more has been found, the Speculative Store Buffer Bypass CVE, and it could be used to gain access to information stored on a processor's local cache.
Out-of-order or speculative execution is a performance improving optimization modern processors use where they try to guess what the next operation to execute will be and then perform it before being requested to. In this Variant 4 vulnerability, it is the speculative storage of information, which involves assuming data stored in the local cache will not change before the speculated operation is actually called, that is attacked, allowing something like sandboxed code to access data it should not be able to. The concept of privilege levels has existed for a long time and they can be used to prevent one application from accessing the information of another, but today there are applications that can run a sandboxed environment within its own process. This new vulnerability would allow malicious code within the sandbox to access information the process has proper access to, but is outside of the sandbox. For example, malicious code running in a sandboxed browser tab could access information pertaining to another tab.
While this vulnerability is a threat and impacts Intel, AMD, and ARM processors, there is some good news here. The mitigations already developed for the other three variants (Spectre variants 1 and 2 and Meltdown, which is variant 3) will provide some protection against this. There are still some gaps, but the companies are aware of the vulnerability and have been working on new protections. It will take some time, but eventually we will see speculative execution be hardened in the hardware, so we can keep the performance improvements it offers and our data private.
Back to original news post