CVE-2018-3693: New Spectre 1.1 Vulnerability Emerges

Spectre 1.1 Vulnerability

The latest variant in the Spectre series of bugs has been discovered: the Spectre 1.1 vulnerability, tracked under the CVE-2018-3693 security advisory. Like previous iterations it leverages a flaw that can create speculative buffer overflows, which allow malicious code to bypass the processor's security measures and obtain sensitive information.

Spectre 1.1 Vulnerability Identified and Tracked in CVE-2018-3693

The wave of speculative buffer overflow attacks continues: Vladimir Kiriansky and Carl Waldspurger have published a paper detailing the latest one, the Spectre 1.1 vulnerability. It uses a mechanism similar to previous Spectre bugs, leveraging speculative stores to produce the buffer overflows they describe. It is also called “Bounds Check Bypass Store”, shortened to BCBS, to differentiate it from the other Spectre vulnerabilities.

The security vulnerability is tracked as CVE-2018-3693, whose description reads:

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.

Its root cause is a processor performance optimization: the speculative execution of conditional branches, used to speed up application execution. This feature is standard in almost all modern processors. The devised proof-of-concept attack shows that the speculative write operations used in the Spectre 1.1 vulnerability allow information disclosure via side channels. The speculatively executed code ignores the security bounds checks, hence the name of the attack.
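To make the pattern concrete, here is an added example (not code from the post or from the Kiriansky/Waldspurger paper) showing the bounds-checked store that BCBS targets next to a hardened form. The hardened version clips the index with a branchless mask in the style of the Linux kernel's array_index_nospec(); the function names and sample buffers are my own.

```c
#include <stddef.h>
#include <stdint.h>
#include <limits.h>

/* Constructed sample buffer standing in for any bounds-checked array. */
#define VICTIM_LEN 8
static uint8_t victim[VICTIM_LEN];

/* BCBS-prone pattern: the bounds check is only a conditional branch. If the
 * branch mispredicts, the store can execute speculatively with y >= len and
 * transiently overwrite memory past the end of buf. */
void store_checked(uint8_t *buf, size_t len, size_t y, uint8_t z)
{
    if (y < len)
        buf[y] = z;
}

/* Branchless mask: all ones if idx < size, all zeros otherwise. It is built
 * from a data dependency rather than a branch, so speculation cannot skip
 * it. Assumes size <= SIZE_MAX / 2, as array_index_nospec() does. */
size_t index_mask_nospec(size_t idx, size_t size)
{
    return (size_t)(~(intptr_t)(idx | (size - 1 - idx))
                    >> (sizeof(size_t) * CHAR_BIT - 1));
}

/* Index actually used for the store: an out-of-bounds idx clips to 0. */
size_t effective_index(size_t idx, size_t size)
{
    return idx & index_mask_nospec(idx, size);
}

/* Hardened store: architecturally identical to store_checked(), but even
 * while the branch is mispredicted the store lands on buf[0], a valid
 * slot, instead of an attacker-chosen out-of-bounds address. */
void store_hardened(uint8_t *buf, size_t len, size_t y, uint8_t z)
{
    if (y < len)
        buf[effective_index(y, len)] = z;
}
```

The mask only neutralises the speculative write address; the architectural result of both functions is the same, which is why this mitigation can be applied to existing code without changing its behaviour.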

Within the victim domain, the bug allows malicious users to achieve arbitrary code execution. According to the preliminary threat analysis, a hypothetical attack could be mounted against both local and remote targets. The researchers point out (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Martin Beltov. Read the original post at: