A new variant of the “Spectre” CPU vulnerability has been discovered by security researchers Vladimir Kiriansky and Carl Waldspurger. This makes them eligible for the $100,000 bounty Intel is offering researchers who find vulnerabilities in its processors. The new vulnerability, tracked as CVE-2018-3693, is among 12 new CVEs Intel will publish later this week. Intel is also reported to have announced that it will soon offer quarterly CPU microcode updates.
The vulnerability targets the processor's speculative execution engine in a bounds-check bypass store attack. A malicious program already running on the affected machine can alter function pointers and return addresses during speculative execution, redirecting the flow of data out of protected memory address spaces and making it visible to the malware. That data could be anything, including cryptographic keys, passwords, and other sensitive information. In this respect it behaves like most other “Spectre” variants. Intel documents the vulnerability in section 2.2.1 of its revised whitepaper on speculative execution side-channel attacks, and the researchers have published a detailed whitepaper of their own.
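As an added illustration, not code from Intel's or the researchers' whitepapers: the branch-guarded store pattern the article describes, beside a hardened form that clamps the index with a branchless mask in the style of the Linux kernel's array_index_nospec, so a store that runs speculatively past a mispredicted bounds check cannot land outside the buffer. Function names and the example buffer are my own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Branchless mask: all ones when idx < size, all zeros otherwise.
 * Simplified reimplementation (assumption, not the kernel's code) of the
 * array_index_mask_nospec() C fallback. Requires size <= LONG_MAX and a
 * two's-complement target with arithmetic right shift (GCC/Clang). */
static inline size_t index_mask_nospec(size_t idx, size_t size)
{
    /* For idx < size both terms are < size, so the top bit stays clear and
     * the complement is negative; for idx >= size the subtraction wraps and
     * sets the top bit, so the complement is non-negative. */
    long tag = ~(long)(idx | (size - 1 - idx));
    return (size_t)(tag >> (sizeof(long) * 8 - 1));
}

/* Index as it reaches the store after masking: unchanged if in bounds,
 * forced to 0 otherwise. Exposed separately so it can be checked. */
size_t clamped_index(size_t idx, size_t size)
{
    return idx & index_mask_nospec(idx, size);
}

/* The pattern the article describes: a store guarded only by a branch.
 * Architecturally correct, but if the branch is mispredicted the store
 * is performed speculatively at an out-of-bounds address. */
int store_guarded(uint8_t *buf, size_t len, size_t idx, uint8_t v)
{
    if (idx < len) { buf[idx] = v; return 1; }
    return 0;
}

/* Hardened form: the store address depends on the mask, not on the branch
 * outcome, so even a speculative store stays inside buf (slot 0). */
int store_guarded_nospec(uint8_t *buf, size_t len, size_t idx, uint8_t v)
{
    if (idx < len) { buf[clamped_index(idx, len)] = v; return 1; }
    return 0;
}

int main(void)
{
    uint8_t buf[8]; /* constructed sample buffer */
    memset(buf, 0, sizeof buf);
    printf("in-bounds store ok=%d\n", store_guarded_nospec(buf, 8, 3, 0xAB));
    printf("idx 8 clamps to %zu, idx 3 stays %zu\n",
           clamped_index(8, 8), clamped_index(3, 8));
    return store_guarded(buf, 8, 9, 0xCD); /* 0: rejected architecturally */
}
```

Compilers may still rewrite the mask into a branch; production code uses inline assembly (as the kernel does on x86) or a compiler builtin to pin the data dependency.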