Three Attack Variants For Spectre And Meltdown
Security researchers have found three possible variants of side-channel timing attacks that could let attackers gain access to data they normally could not access, said Intel's Singhal, who described each variant and how it can be mitigated.
The first is the bounds check bypass, a fairly fundamental exploit that could let an attacker take advantage of existing code that has access to privileged information, abusing it to speculatively access memory they might normally not have access to, Singhal said. "We've been working with software partners on both the operating system side and the browser side for mitigations for the first exploit," he said.
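The bounds check bypass pattern described above, with the branch-free index clamp that OS and compiler vendors adopted against it, as an added example that is not from the article or from Intel. The table contents are constructed sample data, and the clamp follows the masking approach of Linux's array_index_nospec() rather than being that kernel code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data: a 16-entry table; anything past it is memory the
 * caller must never be able to read, even speculatively. */
#define TABLE_LEN 16
static const uint8_t table[TABLE_LEN] = {
    10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25 };

/* Variant-1 (bounds check bypass) pattern: architecturally correct, but the
 * load can run speculatively with an out-of-range idx while the CPU is still
 * resolving the comparison, leaving a cache footprint that can be timed. */
uint8_t lookup_unsafe(size_t idx)
{
    if (idx < TABLE_LEN)
        return table[idx];
    return 0;
}

/* Branch-free index clamp in the spirit of Linux's array_index_nospec():
 * returns idx when idx < len and 0 otherwise, using only arithmetic so the
 * result also holds on the speculative path. Assumes len < SIZE_MAX / 2. */
static inline size_t index_nospec(size_t idx, size_t len)
{
#if defined(__GNUC__)
    /* Keep the compiler from proving idx in range and deleting the mask. */
    __asm__ __volatile__("" : "+r"(idx));
#endif
    /* Top bit of (idx | (len - 1 - idx)) is set exactly when idx >= len. */
    size_t oob  = (idx | (len - 1 - idx)) >> (sizeof(size_t) * 8 - 1);
    size_t mask = oob - 1;               /* all ones in range, zero otherwise */
    return idx & mask;
}

/* Hardened form: the bounds check stays, and the index the load actually
 * uses is clamped, so a speculative out-of-range access reads table[0]. */
uint8_t lookup_safe(size_t idx)
{
    if (idx < TABLE_LEN)
        return table[index_nospec(idx, TABLE_LEN)];
    return 0;
}

int main(void)
{
    printf("in range: %u\n", lookup_safe(5));                  /* 15 */
    printf("clamped:  %zu\n", index_nospec(1000, TABLE_LEN));  /* 0 */
    return 0;
}
```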
The second variant is Branch Target Injection, in which malicious code could find a way to redirect the internal structures inside the processor to speculatively execute code the attackers want to see executed, Singhal said. Such an attack does not impact the basic function of the processor, but it does allow the speculative attack to occur, he said. Mitigation is being done via microcode updates that provide a new interface between the operating system and the processor, which requires work on both the hardware and software sides, he said.
The final variant is Rogue Data Load, which is the ability for an application to speculatively access memory that it normally does not have access to, Singhal said. Intel has already pushed patches to Linux to isolate the page tables between the kernel and user space, he said.