请输入您要查询的百科知识:

 

词条 Speculative Store Bypass
释义

  1. Details

  2. Impact and mitigation

  3. Speculative execution exploit variants

  4. References

  5. External links

Speculative Store Bypass (SSB) ({{CVE|2018-3639}}) is the name given to a hardware security vulnerability and its exploitation that takes advantage of speculative execution in a similar way to the Meltdown and Spectre security vulnerabilities. It affects the ARM, AMD and Intel families of processors. It was discovered by researchers at Microsoft Security Response Center and Google Project Zero (GPZ).[2] After being leaked on May 3, 2018 as part of a group of eight additional Spectre-class flaws provisionally named Spectre-NG,[3][4][5][6] it was first disclosed to the public as "Variant 4" on May 21, 2018, alongside a related speculative execution vulnerability designated "Variant 3a".[7]

Details

Speculative execution exploit Variant 4,[9] is referred to as Speculative Store Bypass (SSB),[11] and has been assigned CVE-2018-3639.[7] SSB is named Variant 4, but it is the fifth variant in the Spectre-Meltdown class of vulnerabilities.[7]

Steps involved in exploit:

  1. "Slowly" store a value at a memory location
  2. "Quickly" load that value from that memory location
  3. Utilize the value that was just read to disrupt the cache in a detectable way

Impact and mitigation

Intel claims that web browsers that are already patched to mitigate Spectre Variants 1 and 2 are partially protected against Variant 4.[7] Intel said in a statement that the likelihood of end users being affected was "low" and that not all protections would be on by default due to some impact on performance.[16]

Intel is planning to address Variant 4 by releasing a microcode patch that creates a new hardware flag named Speculative Store Bypass Disable (SSBD).[7][2][19] A stable microcode patch is yet to be delivered, with Intel suggesting that the patch will be ready "in the coming weeks"{{Update inline|date=November 2018}}.[7] Many operating system vendors will be releasing software updates to assist with mitigating Variant 4;[21][2][23] however, microcode/firmware updates are required for the software updates to have an effect.[21]

Speculative execution exploit variants

Summary of speculative execution variants[25][7][1][2]
Vulnerability CVE Exploit name Public vulnerability name CVSS v2.0 CVSS v3.0
Spectre 2017-5753 Variant 1 Bounds Check Bypass (BCB) 4.7 5.6
Spectre 2017-5715 Variant 2 Branch Target Injection (BTI) 4.7 5.6
Meltdown 2017-5754 Variant 3 Rogue Data Cache Load (RDCL) 4.7 5.6
Spectre-NG 2018-3640 Variant 3a Rogue System Register Read (RSRR[3]) 4.7 5.6
Spectre-NG 2018-3639 Variant 4 Speculative Store Bypass (SSB) 4.9 5.5
Spectre-NG 2018-3665 Lazy FP State Restore 4.7 5.6
Spectre-NG 2018-3693 Bounds Check Bypass Store (BCBS) 4.7 5.6
Foreshadow 2018-3615 Variant 5 L1 Terminal Fault (L1TF) 5.4 6.4
Foreshadow-NG 2018-3620 4.7 5.6
Foreshadow-NG 2018-3646 4.7 5.6

References

1. ^{{cite web |title=CPU-Sicherheitslücken Spectre-NG: Updates rollen an Update |language=German |author-first=Christof |author-last=Windeck |date=2018-05-21 |work=Heise Security |url=https://www.heise.de/security/meldung/CPU-Sicherheitsluecken-Spectre-NG-Updates-rollen-an-4051900.html |access-date=2018-05-21 |dead-url=no |archive-url=https://web.archive.org/web/20180521231256/https://www.heise.de/security/meldung/CPU-Sicherheitsluecken-Spectre-NG-Updates-rollen-an-4051900.html |archive-date=2018-05-21}}
2. ^https://nvd.nist.gov/vuln/detail/CVE-2017-5753#
3. ^Sometimes misspelled "RSRE"
4. ^{{cite web |date=2018-05-21 |author=Ubuntu Community |url=https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4 |title=Variant4 |access-date=2018-05-21 |dead-url=no |archive-url=https://web.archive.org/web/20180522065023/https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4 |archive-date=2018-05-21}}
5. ^{{cite web |title=Super-GAU für Intel: Weitere Spectre-Lücken im Anflug |language=German |author-first=Jürgen |author-last=Schmidt |journal=c't - magazin für computertechnik |publisher=Heise online |date=2018-05-03 |url=https://www.heise.de/ct/artikel/Super-GAU-fuer-Intel-Weitere-Spectre-Luecken-im-Anflug-4039134.html |access-date=2018-05-03 |dead-url=no |archive-url=https://web.archive.org/web/20180505150707/https://www.heise.de/ct/artikel/Super-GAU-fuer-Intel-Weitere-Spectre-Luecken-im-Anflug-4039134.html |archive-date=2018-05-05}} {{cite web |title=Exclusive: Spectre-NG - Multiple new Intel CPU flaws revealed, several serious |author-first=Jürgen |author-last=Schmidt |journal=c't - magazin für computertechnik |publisher=Heise online |date=2018-05-03 |url=https://www.heise.de/ct/artikel/Exclusive-Spectre-NG-Multiple-new-Intel-CPU-flaws-revealed-several-serious-4040648.html |access-date=2018-05-04 |dead-url=no |archive-url=https://web.archive.org/web/20180505113543/https://www.heise.de/ct/artikel/Exclusive-Spectre-NG-Multiple-new-Intel-CPU-flaws-revealed-several-serious-4040648.html |archive-date=2018-05-05}}
6. ^{{cite web |title=Spectre-NG: Intel-Prozessoren von neuen hochriskanten Sicherheitslücken betroffen, erste Reaktionen von AMD und Intel |language=German |author-first=Martin |author-last=Fischer |journal=c't - magazin für computertechnik |publisher=Heise online |date=2018-05-03 |url=https://www.heise.de/security/meldung/Spectre-NG-Intel-Prozessoren-von-neuen-hochriskanten-Sicherheitsluecken-betroffen-4039302.html |access-date=2018-05-04 |dead-url=no |archive-url=https://web.archive.org/web/20180505131934/https://www.heise.de/security/meldung/Spectre-NG-Intel-Prozessoren-von-neuen-hochriskanten-Sicherheitsluecken-betroffen-4039302.html |archive-date=2018-05-05}}
7. ^{{cite web |author-last=Tung |author-first=Liam |title=Are 8 new 'Spectre-class' flaws about to be exposed? Intel confirms it's readying fixes |date=2018-05-04 |url=https://www.zdnet.com/article/are-8-new-spectre-class-flaws-about-to-be-exposed-intel-confirms-its-readying-fixes/ |website=ZDNet |access-date=2018-03-04 |dead-url=no |archive-url=https://web.archive.org/web/20180522152328/https://www.zdnet.com/article/are-8-new-spectre-class-flaws-about-to-be-exposed/ |archive-date=2018-05-22}}
8. ^{{cite web |title=8 New Spectre-Class Vulnerabilities (Spectre-NG) Found in Intel CPUs |date=2018-05-04 |author-first=Mohit |author-last=Kumar |work=The Hacker News |url=https://thehackernews.com/2018/05/intel-spectre-vulnerability.html |access-date=2018-05-05 |dead-url=no |archive-url=https://web.archive.org/web/20180505154309/https://thehackernews.com/2018/05/intel-spectre-vulnerability.html |archive-date=2018-05-05}}
9. ^{{cite web |title=Google and Microsoft disclose new CPU flaw, and the fix can slow machines down - New firmware updates are on the way |author-last=Warren |author-first=Tom |date=2018-05-21 |work=The Verge |url=https://www.theverge.com/2018/5/21/17377994/google-microsoft-cpu-vulnerability-speculative-store-bypass-variant-4 |access-date=2018-05-22 |dead-url=no |archive-url=https://web.archive.org/web/20180526084527/https://www.theverge.com/2018/5/21/17377994/google-microsoft-cpu-vulnerability-speculative-store-bypass-variant-4 |archive-date=2018-05-26}}
10. ^{{cite web |title=New Spectre-like bug could mean more performance-degrading patches |author-last=Martindale |author-first=Jon |date=2018-05-22 |work=Digital Trends |url=https://www.digitaltrends.com/computing/intel-spectre-like-bug-firmware/ |access-date=2018-05-22 |dead-url=no |archive-url=https://web.archive.org/web/20180526090443/https://www.digitaltrends.com/computing/intel-spectre-like-bug-firmware/ |archive-date=2018-05-26}}
11. ^{{cite web |title=Q2 2018 Speculative Execution Side Channel Update |date=2018-05-21 |publisher=Intel |url=https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html |access-date=2018-05-21 |dead-url=no |archive-url=https://web.archive.org/web/20180522064808/https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html |archive-date=2018-05-21}}
12. ^{{cite web |title=After Meltdown and Spectre, Another Scary Chip Flaw Emerges |author-first=Lily Hay |author-last=Newman |date=2018-05-21 |publisher=Wired |url=https://www.wired.com/story/speculative-store-bypass-spectre-meltdown-vulnerability/ |access-date=2018-05-26 |dead-url=no |archive-url=https://web.archive.org/web/20180526085509/https://www.wired.com/story/speculative-store-bypass-spectre-meltdown-vulnerability/ |archive-date=2018-05-26}}
13. ^{{cite web |publisher=Microsoft Security Response Center |title=Analysis and mitigation of speculative store bypass (CVE-2018-3639) |author-first=Matt |author-last=Miller |at=Speculative store bypass disable (SSBD) section |url=https://blogs.technet.microsoft.com/srd/2018/05/21/analysis-and-mitigation-of-speculative-store-bypass-cve-2018-3639/ |access-date=2018-05-21 |dead-url=no |archive-url=https://web.archive.org/web/20180522070214/https://blogs.technet.microsoft.com/srd/2018/05/21/analysis-and-mitigation-of-speculative-store-bypass-cve-2018-3639/ |archive-date=2018-05-21}}
14. ^{{cite web |at=Resolve tab |date=2018-05-21 |title=Kernel Side-Channel Attack using Speculative Store Bypass - CVE-2018-3639 |publisher=RedHat |url=https://access.redhat.com/security/vulnerabilities/ssbd |access-date=2018-05-22 |dead-url=no |archive-url=https://web.archive.org/web/20180522065511/https://access.redhat.com/security/vulnerabilities/ssbd |archive-date=2018-05-21}}
15. ^{{cite web |title=Vulnerability Note VU#180049 - CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks |date=2018-05-24 |orig-year=2018-05-21 |publisher=CERT |url=https://www.kb.cert.org/vuls/id/180049 |access-date=2018-05-26 |dead-url=no |archive-url=https://web.archive.org/web/20180526090207/https://www.kb.cert.org/vuls/id/180049 |archive-date=2018-05-26}}
16. ^{{cite web |title=Speculative Execution Side Channel Mitigations |version=Revision 2.0 |date=May 2018 |orig-year=January 2018 |id=Document Number: 336996-002 |publisher=Intel |url=https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf |access-date=2018-05-26}}
[4][5][6][7][8][9][10][11][12][13][14][15][16]
}}

External links

  • [https://spectreattack.com/ Website detailing the Meltdown and Spectre vulnerabilities, hosted by Graz University of Technology]
  • [https://googleprojectzero.blogspot.co.at/2018/01/reading-privileged-memory-with-side.html Google Project Zero write-up]
  • [https://www.grc.com/inspectre.htm Meltdown/Spectre Checker] Gibson Research Corporation
{{Speculative execution exploits}}{{Hacking in the 2010s}}

7 : Speculative execution security vulnerabilities|Computer security exploits|Hardware bugs|Side-channel attacks|2018 in computer science|X86 architecture|X86 memory management
随便看

 

开放百科全书收录14589846条英语、德语、日语等多语种百科知识,基本涵盖了大多数领域的百科知识,是一部内容自由、开放的电子版国际百科全书。

 

Copyright © 2023 OENC.NET All Rights Reserved
京ICP备2021023879号 更新时间:2024/9/22 7:23:38