The German IT website C'T first reported the matter, and stated that it had obtained all the technical details from the researchers and verified it. In addition, Intel Corporation has also confirmed the existence of these loopholes and included them. 'Common Vulnerabilties and Exposures'.
The new hardware vulnerabilities have been named 'Spectre New Generation'. Intel believes that four of the eight vulnerabilities are serious threats, while the rest are moderate threats. Intel is developing patches for them.
C'T reported that one of the new vulnerabilities is more serious than the original Spectre vulnerability because it can be used to bypass virtual machine isolation and steal sensitive data such as passwords and digital keys from the cloud host system. Regardless of Intel's software protection extensions. Whether or not (SGX) is enabled, Spectre New Generation vulnerabilities can be exploited.
It is unclear whether AMD processors and chips under the ARM architecture are also vulnerable to Spectre New Generation attacks.
Security researchers at Google’s Project Zero team were found to have discovered one of the Spectre New Generation vulnerabilities. They may release technical details next week. There will be a strict 90-day confidential period to give vendors time to resolve issues.
For Intel and its technology partners (such as Microsoft), dealing with Spectre and Meltdown vulnerabilities on processors has always been difficult, because after applying the microcode patch, users report that the system is unstable and performance is slow.
These vulnerabilities stem from hardware design flaws and allow attackers to read data in memory. Thousands of new and old processors are vulnerable to vulnerabilities. Intel has promised to restructure its processors to prevent Spectre and Meltdown from recurring. Loopholes.