Speculative Store Bypass (SSB) (CVE-2018-3639) is the name given to a hardware security vulnerability and its exploitation that takes advantage of speculative execution in a similar way to the Meltdown and Spectre security vulnerabilities. [1] It affects the ARM, AMD and Intel families of processors. It was discovered by researchers at Microsoft Security Response Center and Google Project Zero (GPZ). [2] After being leaked on 3 May 2018 as part of a group of eight additional Spectre-class flaws provisionally named Spectre-NG, [3] [4] [5] [6] it was first disclosed to the public as "Variant 4" on 21 May 2018, alongside a related speculative execution vulnerability designated "Variant 3a". [7] [1]
Speculative execution exploit Variant 4 [8] is referred to as Speculative Store Bypass (SSB) [1] [9] and has been assigned CVE-2018-3639. [7] SSB is named Variant 4, but it is the fifth variant in the Spectre-Meltdown class of vulnerabilities. [7]
Steps involved in exploit: [1]
Intel claims that web browsers that are already patched to mitigate Spectre Variants 1 and 2 are partially protected against Variant 4. [7] Intel said in a statement that the likelihood of end users being affected was "low" and that not all protections would be on by default due to some impact on performance. [10] The Chrome JavaScript team confirmed that effective mitigation of Variant 4 in software is infeasible, in part due to performance impact. [11]
Intel is planning to address Variant 4 by releasing a microcode patch that creates a new hardware flag named Speculative Store Bypass Disable (SSBD). [7] [2] [12] A stable microcode patch is yet to be delivered, with Intel suggesting that the patch will be ready "in the coming weeks". [7] Many operating system vendors will be releasing software updates to assist with mitigating Variant 4; [13] [2] [14] however, microcode/firmware updates are required for the software updates to have an effect. [13]
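The dependency described above (an OS update only helps once the CPU exposes SSBD) can be checked on a host. The following is an added example, not part of the original article: it assumes a Linux system, whose kernel reports its SSB status in a sysfs file and lists CPU flags in `/proc/cpuinfo`; the verdict labels and the sample inputs are constructed for illustration.

```python
from pathlib import Path

# Linux interfaces (assumed; the article itself names no operating system).
SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/spec_store_bypass")
CPUINFO = Path("/proc/cpuinfo")
SSBD_FLAGS = {"ssbd", "amd_ssbd", "virt_ssbd"}  # x86 flag names for SSBD support


def cpu_flags(cpuinfo_text):
    """Return the flag set of the first CPU listed in /proc/cpuinfo text."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            return set(value.split())
    return set()


def classify(sysfs_text, cpuinfo_text):
    """Combine the kernel's SSB verdict with the CPU's advertised SSBD flag."""
    status = sysfs_text.strip()
    has_ssbd = bool(cpu_flags(cpuinfo_text) & SSBD_FLAGS)
    if not status:
        verdict = "unknown"                    # kernel predates the sysfs report
    elif status.startswith("Not affected"):
        verdict = "not-affected"
    elif status.startswith("Mitigation:"):
        # "via prctl" (and seccomp) means per-process opt-in, not system-wide.
        verdict = "per-process" if "prctl" in status else "system-wide"
    elif has_ssbd:
        verdict = "vulnerable-mitigation-off"  # SSBD present but not in use
    else:
        verdict = "vulnerable-no-ssbd-flag"    # check microcode/firmware first
    return {"status": status, "ssbd_flag": has_ssbd, "verdict": verdict}


def read(path):
    """Read a file, returning an empty string if it is absent or unreadable."""
    try:
        return path.read_text()
    except OSError:
        return ""


# Constructed sample inputs (not captured from a real machine).
SAMPLE_PATCHED = ("Mitigation: Speculative Store Bypass disabled via prctl\n",
                  "processor : 0\nflags : fpu sse2 ibrs ibpb ssbd\n")
SAMPLE_OLD_UCODE = ("Vulnerable\n", "processor : 0\nflags : fpu sse2\n")

if __name__ == "__main__":
    print("this host:", classify(read(SYSFS), read(CPUINFO)))
    print("sample   :", classify(*SAMPLE_OLD_UCODE))
```

A `per-process` verdict means the kernel disables speculative store bypass only for processes that request it, so the setting is not a system-wide guarantee.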
Vulnerability | CVE | Exploit name | Public vulnerability name | CVSS v2.0 | CVSS v3.0 |
---|---|---|---|---|---|
Spectre | 2017-5753 | Variant 1 | Bounds Check Bypass (BCB) | 4.7 | 5.6 |
Spectre | 2017-5715 | Variant 2 | Branch Target Injection (BTI) | 4.7 | 5.6 |
Meltdown | 2017-5754 | Variant 3 | Rogue Data Cache Load (RDCL) | 4.7 | 5.6 |
Spectre-NG | 2018-3640 | Variant 3a | Rogue System Register Read (RSRR [18]) | 4.7 | 5.6 |
Spectre-NG | 2018-3639 | Variant 4 | Speculative Store Bypass (SSB) | 4.9 | 5.5 |
Spectre-NG | 2018-3665 | | Lazy FP State Restore | 4.7 | 5.6 |
Spectre-NG | 2018-3693 | | Bounds Check Bypass Store (BCBS) | 4.7 | 5.6 |
Foreshadow | 2018-3615 | Variant 5 | L1 Terminal Fault (L1TF) | 5.4 | 6.4 |
Foreshadow-NG | 2018-3620 | | | 4.7 | 5.6 |
Foreshadow-NG | 2018-3646 | | | 4.7 | 5.6 |