Earlier this year, the cybersecurity community was alerted to significant vulnerabilities known as Meltdown and Spectre, affecting a wide range of modern processors. These vulnerabilities demonstrated that speculative execution could be easily exploited to gain access to sensitive information stored within affected systems. Following this revelation, multiple variants of these attacks have emerged, including Spectre-NG, SpectreRSB, and several others, all of which have prompted vendors to issue patches to safeguard their systems.

Speculative execution is a fundamental technique used in processor design, allowing CPUs to execute instructions based on anticipated outcomes. If the predictions are correct, the process continues; if not, the results are discarded. Unfortunately, this technique opens the door to potential exploitation.

Recently, the same team of researchers that initially uncovered Meltdown and Spectre has identified seven additional transient execution attacks impacting major processor vendors such as Intel, AMD, and ARM. Only some of these new attacks are mitigated by prior protective measures, leaving the others unaddressed.

The researchers report that these transient execution attacks have the capacity to leak previously inaccessible information by exploiting the microarchitectural state of the CPU, even from instructions that were never executed or committed. A systematic evaluation of existing defenses revealed that many of the newly identified attacks were either inadequately addressed by existing patches or missed entirely.

Two of the newly discovered attacks are considered variants of Meltdown, labeled Meltdown-PK (Protection Key Bypass) and Meltdown-BR (Bounds Check Bypass). Additionally, the new Spectre attacks use various strategies that exploit the Pattern History Table and Branch Target Buffer. These new attack vectors have serious implications for organizations relying on affected processor architectures.

In practical testing, all seven attacks were demonstrated against Intel, AMD, and ARM processors, with researchers confirming vulnerabilities across multiple architectures. For example, the evaluation included Intel’s Skylake i5-6200U and Haswell i7-4790, as well as AMD’s Ryzen 1950X and Threadripper 1920X.

The findings have been shared responsibly with affected vendors, leading to acknowledgment from both Intel and ARM. As the vendors work to address these vulnerabilities, the research team has decided to withhold their proof-of-concept exploits temporarily.

From a cybersecurity perspective, the attacks leverage tactics such as privilege escalation and exploitation of system vulnerabilities, which align with frameworks outlined in the MITRE ATT&CK Matrix. Organizations must remain vigilant to improve their defenses against these sophisticated transient execution attacks and reinforce their security postures accordingly.
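One practical check for the earlier Meltdown and Spectre patches is to read the per-issue status files that the Linux kernel exposes under /sys/devices/system/cpu/vulnerabilities. The Python script below is an added example, not code from the original article or the research paper; the sample status lines are constructed, and the kernel reports only the issues it knows about, so the newer variants named above may have no entry.

```python
import os
import tempfile

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"  # Linux kernel interface

# Constructed sample status lines in the kernel's format, for offline runs.
SAMPLE = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: __user pointer sanitization",
    "spectre_v2": "Vulnerable",
    "spec_store_bypass": "Not affected",
    "l1tf": "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable",
}

def classify(status):
    """Map one sysfs status line to a coarse state."""
    s = status.strip()
    if s == "Not affected":
        return "not_affected"
    if s.startswith("Mitigation:"):
        # The kernel appends caveats such as "SMT vulnerable" to a mitigation.
        return "partial" if "vulnerable" in s.lower() else "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"

def audit(path=SYSFS_DIR):
    """Return {issue: (state, raw_line)} for every file under path."""
    report = {}
    for name in sorted(os.listdir(path)):
        with open(os.path.join(path, name)) as fh:
            raw = fh.read().strip()
        report[name] = (classify(raw), raw)
    return report

def needs_attention(report):
    """Issues the kernel does not report as fully mitigated or not affected."""
    return sorted(n for n, (state, _) in report.items()
                  if state not in ("mitigated", "not_affected"))

def make_sample_dir():
    """Write SAMPLE into a temporary directory laid out like the sysfs one."""
    d = tempfile.mkdtemp()
    for name, line in SAMPLE.items():
        with open(os.path.join(d, name), "w") as fh:
            fh.write(line + "\n")
    return d

if __name__ == "__main__":
    report = audit(SYSFS_DIR if os.path.isdir(SYSFS_DIR) else make_sample_dir())
    for name, (state, raw) in report.items():
        print(f"{name:20} {state:13} {raw}")
    print("needs attention:", needs_attention(report))
```

A clean result here covers only the issues the running kernel tracks; it says nothing about attacks for which no status file exists.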

For additional insights into the specifics of these attacks, a comprehensive research paper titled “A Systematic Evaluation of Transient Execution Attacks and Defenses” has been published, providing an in-depth analysis of the vulnerabilities that have surfaced. As the cybersecurity landscape continues to evolve, staying informed is critical for business owners seeking to safeguard their operations against emerging threats.
