HOME

TheInfoList



Click Here for Items Related To - Speculative Store Bypass
OR:
Speculative Store Bypass on:   [Wikipedia]   [Google]   [Amazon]

Speculative Store Bypass (SSB) () is the name given to a hardware security vulnerability and its exploitation that takes advantage of
speculative execution Speculative execution is an optimization technique where a computer system performs some task that may not be needed. Work is done before it is known whether it is actually needed, so as to prevent a delay that would have to be incurred by doing ...
in a similar way to the
Meltdown Meltdown may refer to: Science and technology * Nuclear meltdown, a severe nuclear reactor accident * Meltdown (security vulnerability), affecting computer processors * Mutational meltdown, in population genetics Arts and entertainment Music * ...
and
Spectre Spectre, specter or the spectre may refer to: Religion and spirituality * Vision (spirituality) * Apparitional experience * Ghost Arts and entertainment Film and television * ''Spectre'' (1977 film), a made-for-television film produced and writ ...
security vulnerabilities. It affects the
ARM In human anatomy, the arm refers to the upper limb in common usage, although academically the term specifically means the upper arm between the glenohumeral joint (shoulder joint) and the elbow joint. The distal part of the upper limb between t ...
,
AMD Advanced Micro Devices, Inc. (AMD) is an American multinational semiconductor company based in Santa Clara, California, that develops computer processors and related technologies for business and consumer markets. While it initially manufact ...
and
Intel Intel Corporation is an American multinational corporation and technology company headquartered in Santa Clara, California, Santa Clara, California. It is the world's largest semiconductor chip manufacturer by revenue, and is one of the devel ...
families of processors. It was discovered by researchers at
Microsoft Security Response Center Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services. Headquartered at the Microsoft campus in Redmond, Washington, Microsoft' ...
and
Google Project Zero Project Zero is a team of security analysts employed by Google tasked with finding zero-day vulnerabilities. It was announced on 15 July 2014. History After finding a number of flaws in software used by many end-users while researching other p ...
(GPZ). After being leaked on 3 May 2018 as part of a group of eight additional Spectre-class flaws provisionally named '' Spectre-NG'', it was first disclosed to the public as "Variant 4" on 21 May 2018, alongside a related speculative execution vulnerability designated " Variant 3a".


Details

Speculative execution exploit Variant 4, is referred to as Speculative Store Bypass (SSB), and has been assigned . SSB is named Variant 4, but it is the fifth variant in the Spectre-Meltdown class of vulnerabilities. Steps involved in exploit: # "Slowly" store a value at a memory location # "Quickly" load that value from that memory location # Utilize the value that was just read to disrupt the cache in a detectable way


Impact and mitigation

Intel claims that web browsers that are already patched to mitigate Spectre Variants 1 and 2 are partially protected against Variant 4. Intel said in a statement that the likelihood of end users being affected was "low" and that not all protections would be on by default due to some impact on performance. The Chrome JavaScript team confirmed that effective mitigation of Variant 4 in software is infeasible, in part due to performance impact. Intel is planning to address Variant 4 by releasing a
microcode In processor design, microcode (μcode) is a technique that interposes a layer of computer organization between the central processing unit (CPU) hardware and the programmer-visible instruction set architecture of a computer. Microcode is a la ...
patch that creates a new hardware flag named '' Speculative Store Bypass Disable (SSBD)''. A stable microcode patch is yet to be delivered, with Intel suggesting that the patch will be ready "in the coming weeks". Many operating system vendors will be releasing software updates to assist with mitigating Variant 4; however, microcode/
firmware In computing, firmware is a specific class of computer software that provides the low-level control for a device's specific hardware. Firmware, such as the BIOS of a personal computer, may contain basic functions of a device, and may provide ...
updates are required for the software updates to have an effect.


Speculative execution exploit variants


References


See also

* Transient execution CPU vulnerabilities


External links


Website detailing the Meltdown and Spectre vulnerabilities, hosted by Graz University of Technology




Gibson Research Corporation Steven "Steve Tiberius" Gibson (born March 26, 1955) is an American software engineer, security researcher, and IT security proponent. In the early 1980s, he worked on light pen technology for use with Apple and Atari systems, and in 1985, ...
{{Hacking in the 2010s Speculative execution security vulnerabilities Hardware bugs Side-channel attacks 2018 in computing X86 architecture X86 memory management