Last month, security vulnerabilities affecting nearly every major platform were discovered in CPUs from Intel and other tech companies.
Anxiety surrounding the Meltdown/Spectre vulnerabilities has led researchers to look for new ways to exploit them that go beyond proof of concept. A team of researchers from NVIDIA and Princeton University has released a report that identifies new exploits.
In the report, the researchers refer to the new vulnerabilities as “MeltdownPrime” and “SpectrePrime” and state:
“In the context of Spectre and Meltdown, leveraging coherence invalidations enables a Prime+Probe attack to achieve the same level of precision as a Flush+Reload attack and leak the same type of information. By exploiting cache invalidations, MeltdownPrime and SpectrePrime—two variants of Meltdown and Spectre, respectively—can leak victim memory at the same granularity as Meltdown and Spectre while using a Prime+Probe timing side-channel.”
Essentially, the vulnerabilities pit two CPU cores against one another to trick multi-core systems and gain access to cached data.
Fortunately, the software patches that are being rolled out are likely to address the newly reported vulnerabilities. However, the researchers state in the report that they believe “microarchitectural mitigation of our Prime variants [of the vulnerabilities] will require new considerations”, meaning hardware changes will be required.
Read the entire report from NVIDIA and Princeton researchers here: arxiv.org/pdf/1802.03802.pdf. We will keep you updated on any new developments in this story.