Recently discovered vulnerabilities present in practically every processor manufactured in the past two decades have caused quite the headache, both for companies like Intel and AMD and for end users who have to balance software patches against performance penalties. Just when we thought we could exhale (even if just a little bit), security researchers from Princeton University and NVIDIA have found new ways of exploiting Meltdown and Spectre, and the hardware changes planned so far may not stop these new methods.
The researchers outlined their findings in a paper (PDF) titled "MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols." That's quite the mouthful, and unless you're really into this sort of thing, it's a lot of dry reading. The gist of it, however, is that there are new variants of Meltdown and Spectre that hardware makers will have to take into consideration when designing future processors.
"We believe that microarchitectural mitigation of our Prime variants will require new considerations. Where Meltdown and Spectre arise by polluting the cache during speculation, MeltdownPrime and SpectrePrime are caused by write requests being sent out speculatively in a system that uses an invalidation-based coherence protocol," the researchers stated in their report.
The new methods they discovered are two-core attacks that leverage the cache coherence protocol of a multi-core system. The victim core speculatively issues a write to a cache line that the attacker, running on a second core, has already pulled into its own cache; under an invalidation-based protocol that write request invalidates the attacker's copy of the line, even if the speculative instruction is later squashed. The attacker then times its own accesses to see which line was evicted (a Prime+Probe side channel), which is where the "Prime" in the names comes from. It gets pretty technical, but the end result is that exploiting these variants allows an attacker to leak victim memory at the same granularity as the original Meltdown and Spectre exploits.
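To make the mechanism concrete, here is a toy model of an invalidation-based (MESI-style) coherence protocol with a Prime+Probe observer on a second core. It is an added illustration written for this page, not the paper's synthesis tooling or any real CPU's behaviour: addresses are plain integers, the `Bus`, `Core`, `speculative_write`, and `prime_variant_leak` names are constructed for the example, and a cache hit or miss is reported directly rather than inferred from timing. The contrast with a speculative load shows why the paper singles out write requests: a snooped read only downgrades remote copies to Shared, so the attacker's probe still hits, whereas a write must invalidate them.

```python
"""Toy model (constructed for this example) of an invalidation-based coherence
protocol, showing why a write request sent out during speculation is visible
to a Prime+Probe observer on another core, while a speculative read is not."""
from enum import Enum


class S(Enum):
    M = "Modified"
    E = "Exclusive"
    SH = "Shared"
    I = "Invalid"


class Bus:
    """Snooping interconnect: every core sees every request for a line."""

    def __init__(self):
        self.cores = []

    def others(self, core):
        return [c for c in self.cores if c is not core]

    def read_request(self, core, addr):
        """A read from another core downgrades M/E holders to Shared; the line
        stays valid in their caches, so their later accesses still hit."""
        shared = False
        for c in self.others(core):
            if c.state(addr) is not S.I:
                c.lines[addr] = S.SH
                shared = True
        return shared

    def invalidate(self, core, addr):
        """The write path of an invalidation-based protocol: all other copies
        of the line are dropped before the writer may own it."""
        for c in self.others(core):
            c.lines[addr] = S.I


class Core:
    def __init__(self, bus):
        self.bus = bus
        self.lines = {}          # addr -> coherence state (absent == Invalid)
        bus.cores.append(self)

    def state(self, addr):
        return self.lines.get(addr, S.I)

    def read(self, addr):
        """Returns 'hit' or 'miss'; this is all a Prime+Probe attacker observes."""
        if self.state(addr) is S.I:
            shared = self.bus.read_request(self, addr)
            self.lines[addr] = S.SH if shared else S.E
            return "miss"
        return "hit"

    def speculative_read(self, addr):
        """Speculative load: fetches the line, remote copies merely downgrade."""
        self.read(addr)

    def speculative_write(self, addr):
        """Prime variant: the write request, and hence the invalidations, goes
        out while the store is still speculative. Squashing the store later
        keeps this core's architectural state unchanged (the data is never
        committed), but the remote invalidations have already happened."""
        self.bus.invalidate(self, addr)
        self.lines[addr] = S.M   # ownership acquired; the data is never committed


def prime_variant_leak(secret, access="store", n_lines=8):
    """Two-core scenario: the attacker primes n_lines lines into its cache, the
    victim speculatively touches array[secret] (e.g. past a mispredicted bounds
    check), and the attacker probes. Returns the recovered index, or None if
    no single line was evicted."""
    bus = Bus()
    victim, attacker = Core(bus), Core(bus)
    array = [0x1000 + 64 * i for i in range(n_lines)]   # one cache line each

    for a in array:            # PRIME: attacker fills its cache with the lines
        attacker.read(a)

    if access == "store":      # VICTIM: speculative access, later squashed
        victim.speculative_write(array[secret])
    else:
        victim.speculative_read(array[secret])

    # PROBE: a miss reveals which line received an invalidation
    misses = [i for i, a in enumerate(array) if attacker.read(a) == "miss"]
    return misses[0] if len(misses) == 1 else None


if __name__ == "__main__":
    print("store leaks:", prime_variant_leak(5))           # 5
    print("load leaks:", prime_variant_leak(5, "load"))    # None
```

The model deliberately omits timing noise, prefetchers, and the replacement policy; on real hardware the probe is a timed access and the attacker repeats the measurement to average out noise. The point it preserves is the one in the paper's quote: the leak comes from the coherence invalidation that a speculative store sends to other cores, not from the victim's own cache fill.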
Fortunately, all the hoopla surrounding Spectre and Meltdown has so far not resulted in any real-world attacks, at least none that anyone is aware of. That is likely to change at some point, however, as security researchers have already developed proof-of-concept exploits.