Specter: a new threat variant and its solution is to affect the performance of your CPU

Specter logo

If you remember, we already said which Specter was going to bring a lot of tail, and that it would not be something that would be easily solved in the affected CPUs, and even that would not have a short-term solution until new silicon designs arrive that do not make the same mistakes. Well, now a new variant of the vulnerability has been detected for which the solutions provided so far do not work.

This new variant affects all modern microcache processors, both Intel and AMD. The problem is not even that anymore, but when patched to fix these security issues, they would again cause quite significant performance penalties. If the Specter ones already had a significant impact, patches for these will significantly reduce performance. And if you don't patch them, you will be exposed to them ...

A team of researchers, directed by Ashish Venkat, from the University of Virginia, has discovered this new vulnerability that can be exploited when the CPU is obtaining data from the micro-operations cache. That is, it would affect all AMD processors since 2017 and Intel since 2011 that use this type of special cache.

Both companies have been informed of this new vulnerability in advance before making the public announcement, so that they have time to react. But neither of the two companies has yet launched any update your microcode that can fix this security problem. However, you should not be too scared, since the risk is not very high, since the circumstances for an attack to be carried out are somewhat remote. In addition, there is the aforementioned loss of performance, which could generate more problems than the patching would solve ...

According to the document that has been published by these researchers, there are three possible ways to solve the problem:

  • Empty the cache of micro-ops at domain crossings. But for that, the new CPUs need to empty the TLB as well. That has pretty severe performance consequences, as processing couldn't continue until the iTLB (TLB for instructions) is not populated.
  • It can split the micro-op cache based on privileges. This partitioning would result in an increase in protection domains, and an under-utilization of this cache, so it would also have a negative impact on performance.
  • Implement performance counter-based monitoring that detects anomalies. But it is an error-prone technique and degrades performance if polled frequently.

For now, wait to see what solution the companies provide and when the firmware updates are released ...


The content of the article adheres to our principles of editorial ethics. To report an error click here!.

Be the first to comment

Leave a Comment

Your email address will not be published.

*

*

  1. Responsible for the data: AB Internet Networks 2008 SL
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.