Versions Compared

Old Version 17

changes.mady.by.user user-8b192

Saved on

compared with

New Version 18

changes.mady.by.user Garret Wassermann

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Add NetSpectre

...

PublicCVEAlias(es)CPUs AffectedSpeculative TriggerImpactMitigationsReferences
Jan 3, 2018CVE-2017-5753

Spectre V1

NetSpectre (remote network attack vector)

Intel
ARM		Branch prediction bounds check bypassCross- and intra-process (including kernel) memory disclosure

OS

Compiler

Browser

https://www.kb.cert.org/vuls/id/584653

https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html

https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability

Jan 3, 2018CVE-2017-5715Spectre V2Intel
AMD
ARM		Branch target injectionCross- and intra-process (including kernel) memory disclosureMicrocode

https://www.kb.cert.org/vuls/id/584653

https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html

https://www.amd.com/en/corporate/security-updates
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability

Jan 3, 2018CVE-2017-5754

Spectre V3

Meltdown

IntelOut-of-order executionKernel memory disclosure to userspaceOShttps://www.kb.cert.org/vuls/id/584653
https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html
May 21, 2018CVE-2018-3640Spectre V3a (RSRE)Intel
ARM		System register readDisclosure of system register valuesMicrocode

https://www.kb.cert.org/vuls/id/180049

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html

https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability

May 21, 2018CVE-2018-3639Spectre V4 (SSB)Intel
AMD
ARM

Memory reads before prior memory write addresses knownCross- and intra-process (including kernel) memory disclosure

OS

Microcode

https://www.kb.cert.org/vuls/id/180049

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
https://www.amd.com/en/corporate/security-updates

https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability

Jun 13, 2018CVE-2018-3665Lazy FPIntelLazy FPU state restoreLeak of FPU stateOShttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html
July 10, 2018CVE-2017-5753Spectre1.1Intel

Bounds check bypass

Speculative buffer overflow

Cross- and intra-process (including kernel) memory disclosure

OShttps://01.org/security/advisories/intel-oss-10002
July 10, 2018CVE-2018-3693Spectre1.2IntelBounds check bypass store

Overwrite read-only data and pointers

Cross- and intra-process (including kernel) memory disclosure

OS

https://01.org/security/advisories/intel-oss-10002

https://arxiv.org/abs/1807.03757

...

Spectre V1 has also been demonstrated to access protections provided by the System Management Range Register (SMRR) to access protected System Management Mode (SMM) memory.
https://blog.eclypsium.com/2018/05/17/system-management-mode-speculative-execution-attacks/

Spectre V1 has also been demonstrated vulnerable to attacks directly over the network rather than through local code execution such as JavaScript. This remote attack is known as NetSpectre.
https://misc0110.net/web/files/netspectre.pdf

Lazy FP

Lazy FP may particularly expose AES keys:

...