Sunday May 27, 2018

Spectre Variant 4 Disclosed, Mitigations to Result in Another Performance Hit

Another variant of Spectre was disclosed this week by Microsoft, Google, AMD, ARM, Intel, and Red Hat. Variant 4, labeled "Speculative Store Bypass," allows hackers to read older system values in a CPU stack or other memory locations. Intel’s microcode fixes will result in a performance hit of 2-8%, and the company’s hardware-based safeguard, "virtual fences," will not protect against Variant 4 at all.

Patrick Moorhead, principal analyst at Moor Insights and Strategy, said that Variant 4 would be much harder to "fix" architecturally than V1, V2, or V3a. "You either have to turn memory disambiguation on or off, which will be a BIOS setting," he told Threatpost in an email. "It’s important to note that browsers have already included mitigations and that from a severity standpoint, has been flagged as ‘medium’ severity, compared to V1, V2, and V3, which were flagged as ‘high.’"