Vulnerability: Variants 3a and 4 of Side Channel Vulnerabilities

On May 21st, two vulnerabilities (CVE-2018-3640 –  Variant 3A- Rogue System Register Read and CVE-2018-3639 – Variant 4 – Speculative Store Bypass) were publicly disclosed.  These vulnerabilities indicate new variants of the Spectre and Meltdown class of hardware vulnerabilities and use “side-channel attacks” against speculative execution on many CPU architectures. Each of the vulnerabilities, Variants 3a and 4, attempt to exploit AMD, ARM and Intel CPUs. The effects vary from vendor to vendor. Details are scarce at this time on how an attacker would use these vulnerabilities in practical attacks.

A “side-channel attack,” targets the implementation of a computer system rather than the actual implemented software or algorithm.  The Spectre and Meltdown class of vulnerabilities use cache side-channel attacks, or monitor the cache within CPUs, to gain access to sensitive information that was previously unavailable through normal access.  Variant 3a uses a method of exploitation known as “Rogue System Register Read,” while Variant 4 uses an attack called speculative store bypass. Both vulnerabilities are highly complex and take advantage of various features of the “speculative execution” within various CPU architectures. Both if executed properly could result in unauthorized access to information within a system’s memory, such as passwords or other sensitive data.

The Proficio Threat Intelligence Recommendations:

  • Stay tuned for any type of practical attack that is being carried out in the wild against organizations leveraging these vulnerabilities. Note that these are difficult and complex vulnerabilities to leverage in practical attacks.
  • Apply standard patches and updates to both hardware, software, and operating systems that would mitigate risks of these vulnerabilities.

General Info – Click Here

Recent Blog Posts

Stay Ahead of Evolving Threats

Signup for our free newsletter and receive invaluable threat notifications from our Threat Intelligence team.

By submitting this form, you agree to the Proficio Website Terms of Use and the Proficio Privacy Policy.


Experience Tomorrow’s
Security Today

Request a Demo and Experience Proficio's
Innovative Solutions in Action.

By submitting this form, you agree to the Proficio Website Terms of Use and the Proficio Privacy Policy.