2018
03.05
New high-risk vulnerabilities in Intel processors

The previous processor attack scenarios Specter and Meltdown are just the tip of the iceberg: Intel processors contain eight other, previously unknown vulnerabilities, some of which are much more serious than Meltdown and Specter. The new vulnerabilities have already been assigned numbers in the Vulnerability Enumerator (CVE) directory; they probably also get their own names. Until these become known, these are collectively called Specter Next Generation (Specter NG).

Massive threat to cloud providers
For four of the eight gaps Intel classifies the danger as high-risk, the remaining four as “medium”. Experts believe that one of the Specter NG gaps has a much greater threat potential than the known Specter gaps – it can be exploited across the boundaries of virtual machines for attacks. Attackers could execute their malicious code in a virtual machine and attack the host system from there. This poses an enormous security risk for cloud hosters, for example – passwords and secret keys for data transmission are in acute danger. In addition, Intel’s Software Guard Extensions to protect sensitive data are not Specter-safe.

CPU architecture as a problem
Users now rely on patches – and Intel needs to rethink its overall CPU design. In addition, the processor vendor has to provide more transparency than before – with risk analysis for potential vulnerabilities, for example.

back