Intel Chips ‘At Risk’ To Eight New Spectre-Style Flaws

Processors from Intel may be vulnerable to a “high risk” attack similar to the “Spectre” issues disclosed in January – with the difference that it is easier to exploit.

German tech news magazine c’t reported that a series of newly discovered Spectre-style flaws indicate that the earlier chip-level bugs, first disclosed in January, were not a one-off problem.

Eight flaws making use of the same design flaw as Spectre have been reported to Intel by several teams of researchers, according to the report.

Intel has classified four of the bugs as “high risk”, with the other four ranking “medium”, c’t said.


Cloud server risk

Information on the flaws hasn’t yet been made public, but CVE bug identification numbers have been reserved, c’t said.

It said one of the bugs was discovered by Google’s Project Zero, which is due to disclose details on that issue on Monday under Google’s strict 90-day disclosure deadline scheme.

One of the bugs is more dangerous than any of the bugs disclosed in January, because it “can be exploited quite easily”, c’t said. The original Spectre flaws were relatively difficult to exploit.

This new flaw could allow an attacker who had compromised a virtual machine on a server to gain access to the host server, or to other virtual machines running on the same server.

That could make it particularly dangerous for the servers operated by cloud infrastructure providers such as Amazon Web Services (AWS). Such providers typically run large numbers of virtual machines, often belonging to multiple customers, on a single physical server.

ARM, AMD affected?

Though all eight bugs are Spectre-type flaws, each issue is likely to require a separate patch, the magazine reported. Intel’s previously released mitigations don’t work against the new bugs, c’t said.

The magazine said some ARM processors may be vulnerable. AMD confirmed it was aware of the issues and was investigating whether its architecture was affected.

Intel declined to confirm the report, but said the company “routinely” works with other organisations to mitigate issues when they’re reported.

“We believe strongly in the value of coordinated disclosure and will share additional details on any potential issues as we finalise mitigations,” Intel said in a statement. “As a best practice, we continue to encourage everyone to keep their systems up-to-date.”

January’s Spectre and Meltdown bugs resulted in a chaotic patching effort from Intel, which was forced to withdraw some of its initial fixes after acknowledging they had rendered some systems unstable.

Patch pain

Yuriy Bulygin, a former Intel security researcher and head of hardware security firm Eclypsium, said similar problems are likely to be on the way as a result of the new discoveries.

“We should expect a long and painful cycle of updates, possibly even performance or stability issues,” he told Reuters. He added that publicity around the Meltdown and Spectre bugs had spurred research into similar issues by legitimate researchers as well as “bad actors”.

According to c’t, Intel is planning to address the eight new bugs with initial round of patches this month and another in August.

How well do you know the cloud? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

6 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

8 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

9 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

10 hours ago