Skip to content

May 22, 2018

New Spectre-like bug could mean more performance-degrading patches

by John_A

A new CPU bug that shares a number of similarities with the Spectre and Meltdown exploits which came to light earlier this year, has been discovered. Termed the Speculative Store Bypass, it already has fixes and firmware updates that have been shipped out to OEMs to distribute, but there is some concern that the patches will impact processor performance when applied.

Speculative Store Bypass is much closer in design to Spectre, in that it exploits the speculative aspect of modern CPUs which helps speed up certain calculations. As Microsoft and Google each discovered in their research though, that speculation is vulnerable to exterior attack and can be exploited to steal data and personal information from a system’s user. With that in mind, new fixes are being developed that will shut down that functionality in affected processors, but as a result, some calculations will take longer to complete — and in some cases, that impact can be significant.

Although the firmware updates are seen as somewhat unnecessary, as earlier improvements to CPU security to prevent against Spectre should provide adequate protection against the new exploit, Intel has provided a full mitigation firmware update as well. The update is currently being distributed by OEM partners, but the patch will not be enabled by default and it will be up to software providers to decide whether they want to use it or not.

“If enabled, we have observed a performance impact of approximately 2-8 percent based on overall scores for benchmarks like SYSmark 2014 SE and SPEC integer rate on client 1 and server 2 test systems,” Intel’s general manager of product assurance and security, Leslie Culberston said.

Considering that this newly announced flaw is harder to exploit than previous variations of the Spectre bug, it may be that most software providers do not choose to leverage the additional protections, as per The Verge. As with Spectre and Meltdown though, permanent fixes for the problem will only be possible through changes to the way the chips are designed and that will involve hardware alterations. Intel has promised that its next-generation CPUs will not be susceptible to these sorts of exploits.

Editors’ Recommendations

  • AMD says the patches for its recent Ryzen flaws are almost ready
  • Microsoft’s latest Windows 10 patch will address Spectre Variant 2 CPU flaw
  • Intel decides not to patch Spectre vulnerability for older processors
  • AMD has a fix for Spectre variant II, but will motherboard makers support it?
  • Intel’s 9th-generation ‘Ice Lake’ CPUs will have fixes for Meltdown, Spectre

Read more from News

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Note: HTML is allowed. Your email address will never be published.

Subscribe to comments

%d bloggers like this: