Worst-case scenario for Intel: More Spectre vulnerabilities on the way
New holes and more patches - "Spectre Next Generation" is right around the corner. Researchers have already found eight new vulnerabilities in Intel processors, according to information available exclusively to c't.
Each of the eight holes has its own number in the directory of all vulnerabilities (Common Vulnerability Enumerator, CVE), and each requires its own patches - they will probably also get their own names. Until then, we collectively call them the Spectre NG holes to differentiate them from the previously known problems.
So far, we only have precise information about Intel's processors and their patch plans. However, there are some indications that at least some ARM CPUs are also vulnerable. Further research into whether and to what extent the closely related AMD processor architecture is vulnerable to the individual Spectre NG holes is already in progress.
Intel is already working on some Spectre NG patches; others are being developed in collaboration with the operating system manufacturers. It is not yet clear when the first Spectre NG patches will arrive. According to our information, Intel is planning two patch waves: the first should start in May; the second is currently scheduled for August.
For at least one of the Spectre NG patches, a specific date is already on the table: Google's Project Zero has once again found one of the holes, and on May 7 - the day before the Windows Patchday - the 90-day period that they typically grant the manufacturer before publishing expires. Google's elite hackers are quite uncompromising about such deadlines and have more than once published information after the deadline expired on vulnerabilities for which the manufacturer had not finished patches. For a second hole, Intel even expects that information could become public at any time. For these two holes, patches should appear sooner rather than later.
Intel classifies four of the Spectre NG vulnerabilities as "high-risk"; the danger of the other four is only rated as medium. According to our own research, Spectre NG risks and attack scenarios are similar to those of Spectre - with one exception.
Heise has added its own English translation: