词条 | Speculative Store Bypass | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
释义 |
DetailsSpeculative execution exploit Variant 4,[9] is referred to as Speculative Store Bypass (SSB),[11] and has been assigned CVE-2018-3639.[7] SSB is named Variant 4, but it is the fifth variant in the Spectre-Meltdown class of vulnerabilities.[7]
Impact and mitigationIntel claims that web browsers that are already patched to mitigate Spectre Variants 1 and 2 are partially protected against Variant 4.[7] Intel said in a statement that the likelihood of end users being affected was "low" and that not all protections would be on by default due to some impact on performance.[16] Intel is planning to address Variant 4 by releasing a microcode patch that creates a new hardware flag named Speculative Store Bypass Disable (SSBD).[7][2][19] A stable microcode patch is yet to be delivered, with Intel suggesting that the patch will be ready "in the coming weeks"{{Update inline|date=November 2018}}.[7] Many operating system vendors will be releasing software updates to assist with mitigating Variant 4;[21][2][23] however, microcode/firmware updates are required for the software updates to have an effect.[21] Speculative execution exploit variants
References1. ^{{cite web |title=CPU-Sicherheitslücken Spectre-NG: Updates rollen an Update |language=German |author-first=Christof |author-last=Windeck |date=2018-05-21 |work=Heise Security |url=https://www.heise.de/security/meldung/CPU-Sicherheitsluecken-Spectre-NG-Updates-rollen-an-4051900.html |access-date=2018-05-21 |dead-url=no |archive-url=https://web.archive.org/web/20180521231256/https://www.heise.de/security/meldung/CPU-Sicherheitsluecken-Spectre-NG-Updates-rollen-an-4051900.html |archive-date=2018-05-21}} [4][5][6][7][8][9][10][11][12][13][14][15][16]2. ^https://nvd.nist.gov/vuln/detail/CVE-2017-5753# 3. ^Sometimes misspelled "RSRE" 4. ^1 2 3 {{cite web |date=2018-05-21 |author=Ubuntu Community |url=https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4 |title=Variant4 |access-date=2018-05-21 |dead-url=no |archive-url=https://web.archive.org/web/20180522065023/https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4 |archive-date=2018-05-21}} 5. ^1 {{cite web |title=Super-GAU für Intel: Weitere Spectre-Lücken im Anflug |language=German |author-first=Jürgen |author-last=Schmidt |journal=c't - magazin für computertechnik |publisher=Heise online |date=2018-05-03 |url=https://www.heise.de/ct/artikel/Super-GAU-fuer-Intel-Weitere-Spectre-Luecken-im-Anflug-4039134.html |access-date=2018-05-03 |dead-url=no |archive-url=https://web.archive.org/web/20180505150707/https://www.heise.de/ct/artikel/Super-GAU-fuer-Intel-Weitere-Spectre-Luecken-im-Anflug-4039134.html |archive-date=2018-05-05}} {{cite web |title=Exclusive: Spectre-NG - Multiple new Intel CPU flaws revealed, several serious |author-first=Jürgen |author-last=Schmidt |journal=c't - magazin für computertechnik |publisher=Heise online |date=2018-05-03 |url=https://www.heise.de/ct/artikel/Exclusive-Spectre-NG-Multiple-new-Intel-CPU-flaws-revealed-several-serious-4040648.html |access-date=2018-05-04 |dead-url=no |archive-url=https://web.archive.org/web/20180505113543/https://www.heise.de/ct/artikel/Exclusive-Spectre-NG-Multiple-new-Intel-CPU-flaws-revealed-several-serious-4040648.html |archive-date=2018-05-05}} 6. ^1 {{cite web |title=Spectre-NG: Intel-Prozessoren von neuen hochriskanten Sicherheitslücken betroffen, erste Reaktionen von AMD und Intel |language=German |author-first=Martin |author-last=Fischer |journal=c't - magazin für computertechnik |publisher=Heise online |date=2018-05-03 |url=https://www.heise.de/security/meldung/Spectre-NG-Intel-Prozessoren-von-neuen-hochriskanten-Sicherheitsluecken-betroffen-4039302.html |access-date=2018-05-04 |dead-url=no |archive-url=https://web.archive.org/web/20180505131934/https://www.heise.de/security/meldung/Spectre-NG-Intel-Prozessoren-von-neuen-hochriskanten-Sicherheitsluecken-betroffen-4039302.html |archive-date=2018-05-05}} 7. ^1 {{cite web |author-last=Tung |author-first=Liam |title=Are 8 new 'Spectre-class' flaws about to be exposed? Intel confirms it's readying fixes |date=2018-05-04 |url=https://www.zdnet.com/article/are-8-new-spectre-class-flaws-about-to-be-exposed-intel-confirms-its-readying-fixes/ |website=ZDNet |access-date=2018-03-04 |dead-url=no |archive-url=https://web.archive.org/web/20180522152328/https://www.zdnet.com/article/are-8-new-spectre-class-flaws-about-to-be-exposed/ |archive-date=2018-05-22}} 8. ^1 {{cite web |title=8 New Spectre-Class Vulnerabilities (Spectre-NG) Found in Intel CPUs |date=2018-05-04 |author-first=Mohit |author-last=Kumar |work=The Hacker News |url=https://thehackernews.com/2018/05/intel-spectre-vulnerability.html |access-date=2018-05-05 |dead-url=no |archive-url=https://web.archive.org/web/20180505154309/https://thehackernews.com/2018/05/intel-spectre-vulnerability.html |archive-date=2018-05-05}} 9. ^1 {{cite web |title=Google and Microsoft disclose new CPU flaw, and the fix can slow machines down - New firmware updates are on the way |author-last=Warren |author-first=Tom |date=2018-05-21 |work=The Verge |url=https://www.theverge.com/2018/5/21/17377994/google-microsoft-cpu-vulnerability-speculative-store-bypass-variant-4 |access-date=2018-05-22 |dead-url=no |archive-url=https://web.archive.org/web/20180526084527/https://www.theverge.com/2018/5/21/17377994/google-microsoft-cpu-vulnerability-speculative-store-bypass-variant-4 |archive-date=2018-05-26}} 10. ^1 {{cite web |title=New Spectre-like bug could mean more performance-degrading patches |author-last=Martindale |author-first=Jon |date=2018-05-22 |work=Digital Trends |url=https://www.digitaltrends.com/computing/intel-spectre-like-bug-firmware/ |access-date=2018-05-22 |dead-url=no |archive-url=https://web.archive.org/web/20180526090443/https://www.digitaltrends.com/computing/intel-spectre-like-bug-firmware/ |archive-date=2018-05-26}} 11. ^1 2 3 4 5 6 7 {{cite web |title=Q2 2018 Speculative Execution Side Channel Update |date=2018-05-21 |publisher=Intel |url=https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html |access-date=2018-05-21 |dead-url=no |archive-url=https://web.archive.org/web/20180522064808/https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html |archive-date=2018-05-21}} 12. ^1 {{cite web |title=After Meltdown and Spectre, Another Scary Chip Flaw Emerges |author-first=Lily Hay |author-last=Newman |date=2018-05-21 |publisher=Wired |url=https://www.wired.com/story/speculative-store-bypass-spectre-meltdown-vulnerability/ |access-date=2018-05-26 |dead-url=no |archive-url=https://web.archive.org/web/20180526085509/https://www.wired.com/story/speculative-store-bypass-spectre-meltdown-vulnerability/ |archive-date=2018-05-26}} 13. ^1 {{cite web |publisher=Microsoft Security Response Center |title=Analysis and mitigation of speculative store bypass (CVE-2018-3639) |author-first=Matt |author-last=Miller |at=Speculative store bypass disable (SSBD) section |url=https://blogs.technet.microsoft.com/srd/2018/05/21/analysis-and-mitigation-of-speculative-store-bypass-cve-2018-3639/ |access-date=2018-05-21 |dead-url=no |archive-url=https://web.archive.org/web/20180522070214/https://blogs.technet.microsoft.com/srd/2018/05/21/analysis-and-mitigation-of-speculative-store-bypass-cve-2018-3639/ |archive-date=2018-05-21}} 14. ^1 2 {{cite web |at=Resolve tab |date=2018-05-21 |title=Kernel Side-Channel Attack using Speculative Store Bypass - CVE-2018-3639 |publisher=RedHat |url=https://access.redhat.com/security/vulnerabilities/ssbd |access-date=2018-05-22 |dead-url=no |archive-url=https://web.archive.org/web/20180522065511/https://access.redhat.com/security/vulnerabilities/ssbd |archive-date=2018-05-21}} 15. ^1 {{cite web |title=Vulnerability Note VU#180049 - CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks |date=2018-05-24 |orig-year=2018-05-21 |publisher=CERT |url=https://www.kb.cert.org/vuls/id/180049 |access-date=2018-05-26 |dead-url=no |archive-url=https://web.archive.org/web/20180526090207/https://www.kb.cert.org/vuls/id/180049 |archive-date=2018-05-26}} 16. ^1 {{cite web |title=Speculative Execution Side Channel Mitigations |version=Revision 2.0 |date=May 2018 |orig-year=January 2018 |id=Document Number: 336996-002 |publisher=Intel |url=https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf |access-date=2018-05-26}} }} External links
7 : Speculative execution security vulnerabilities|Computer security exploits|Hardware bugs|Side-channel attacks|2018 in computer science|X86 architecture|X86 memory management |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
随便看 |
|
开放百科全书收录14589846条英语、德语、日语等多语种百科知识,基本涵盖了大多数领域的百科知识,是一部内容自由、开放的电子版国际百科全书。