Michael Schwarz, Martin Schwarzl, Moritz Lipp and Daniel Gruss of the Graz University of Technology discovered that the previously identified Spectre Variant 1 vulnerability (CVE-2017-5753) could potentially be used against general applications which were previously assumed to be immune. Initial analysis of Spectre V1 assumed it could only be exploited against applications that allow remote code execution; however, it was discovered that a number of potential Spectre gadgets exist in existing applications which can be used to form a low bit-rate, speculative-execution based side-channel attack that reads the contents of memory across a network.

The same mitigation strategy applies as for CVE-2017-5753: use LFENCE as a barrier between the bounds check and the load to ensure that the bounds check completes before the load is executed. Analysis is ongoing to determine whether additional code locations require LFENCE placements. Users should update their systems regularly to ensure that they have the latest security fixes in place. The LFENCE instruction was added via microcode. Users should ensure that they are using the latest microcode so that side-channel remediations are in place.
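Added example, not taken from the advisory, the Intel reference or the Graz researchers: the bounds-check-then-load pattern that the mitigation targets, in C, beside the same lookup with LFENCE placed between the check and the dependent load as the text describes. The table contents, the function names and the `SPECULATION_BARRIER` macro are constructed for illustration, and the macro assumes an x86 build.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Speculation barrier (constructed for this example). On x86 an LFENCE
 * keeps later loads from issuing until the preceding bounds check has
 * resolved. On other architectures this fallback only stops compiler
 * reordering; a real port would use that architecture's own barrier. */
#if defined(__x86_64__) || defined(__i386__)
#define SPECULATION_BARRIER() __asm__ __volatile__("lfence" ::: "memory")
#else
#define SPECULATION_BARRIER() __asm__ __volatile__("" ::: "memory")
#endif

/* Constructed sample table standing in for data an application exposes
 * through a bounds-checked lookup, e.g. inside a network protocol handler. */
#define TABLE_LEN 8
static const uint8_t kTable[TABLE_LEN] = {0x10, 0x21, 0x32, 0x43,
                                          0x54, 0x65, 0x76, 0x87};

/* Vulnerable pattern: idx is influenced by untrusted input. The CPU may
 * predict the branch as taken and speculatively read table[idx] with an
 * out-of-bounds idx before the comparison resolves; the result is
 * discarded architecturally, but the speculative load still leaves
 * cache-state traces, which is what a Spectre V1 gadget leaks through. */
uint8_t lookup_unsafe(const uint8_t *table, size_t table_len, size_t idx)
{
    if (idx < table_len)
        return table[idx];
    return 0;
}

/* Hardened pattern: an LFENCE between the bounds check and the dependent
 * load forces the check to complete before the load can execute, so an
 * out-of-bounds idx is never dereferenced, not even speculatively. */
uint8_t lookup_lfence(const uint8_t *table, size_t table_len, size_t idx)
{
    if (idx < table_len) {
        SPECULATION_BARRIER();
        return table[idx];
    }
    return 0;
}

/* Convenience wrapper over the constructed table: the hardened lookup
 * returns the same architectural result as the unsafe one. */
uint8_t demo_lookup(size_t idx)
{
    return lookup_lfence(kTable, TABLE_LEN, idx);
}

int main(void)
{
    /* In-range and out-of-range probes; both variants agree on every one. */
    size_t probes[] = {0, 3, 7, 8, (size_t)-1};
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        printf("idx=%zu unsafe=0x%02x lfence=0x%02x\n", probes[i],
               lookup_unsafe(kTable, TABLE_LEN, probes[i]),
               lookup_lfence(kTable, TABLE_LEN, probes[i]));
    }
    return 0;
}
```

A C program can only confirm that the two functions agree on their architectural results, which is the point of the check above: the barrier changes nothing about what the lookup returns, only what the processor may touch while the bounds check is still unresolved. Whether the placed LFENCE is honoured as a barrier is a property of the processor and its microcode level, which is why the advisory ties this mitigation to running current microcode.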
For more information on these issues, please see the following reference documents:
Intel Analysis of Speculative Execution Side Channels Revision 4.0, Updated July 2018
- 2018 Jul 26 at 22:00 UTC: the issue is made public