
New Variant of Spectre Security Flaw Discovered

MIT researchers found a new variant of the infamous Spectre security vulnerability, one that creates speculative buffer overflows. Spectre1.1 (CVE-2018-3693) is a new variant of the first Spectre security vulnerability, which was unearthed earlier this year and later discovered to have multiple other variants. The new Spectre flaw leverages speculative stores to create speculative buffer overflows, similar to classic buffer overflow security flaws. It is also known as “Bounds Check Bypass Store” or BCBS to distinguish it from the original speculative execution attack. Spectre 1.1 affects billions of devices powered by modern processors, including those from Intel and AMD.

Speculative buffer overflows allow local attackers to execute arbitrary untrusted code on vulnerable systems whose microprocessors use speculative execution and branch prediction, exposing sensitive information via side-channel analysis and speculative buffer overflow.
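The bounds-checked store pattern that BCBS concerns, shown beside a hardened form, as an added example that is not from the original article or the researchers. The function names are hypothetical; the hardening is index masking, the approach taken by helpers such as the Linux kernel's `array_index_nospec`, and the code assumes GCC or Clang.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* At-risk pattern: the check is architecturally sound, but if the branch is
 * mispredicted the store can execute speculatively with idx >= len. */
int store_unhardened(uint8_t *buf, size_t len, size_t idx, uint8_t val)
{
    if (idx < len) {
        buf[idx] = val;
        return 1;
    }
    return 0;
}

/* All ones when idx < size, zero otherwise, computed without a branch.
 * Assumes size <= PTRDIFF_MAX and arithmetic right shift of signed values
 * (GCC and Clang behaviour). */
size_t index_mask(size_t idx, size_t size)
{
#if defined(__GNUC__)
    /* Hide idx from the optimizer so the mask is not folded away as
     * redundant inside the bounds check. */
    __asm__ volatile("" : "+r"(idx));
#endif
    intptr_t v = (intptr_t)~(idx | (size - 1 - idx));
    return (size_t)(v >> (sizeof(v) * CHAR_BIT - 1));
}

/* Hardened form: the index is clamped through a data dependency, so a
 * mispredicted path stores to buf[0] rather than past the buffer. */
int store_hardened(uint8_t *buf, size_t len, size_t idx, uint8_t val)
{
    if (idx < len) {
        idx &= index_mask(idx, len);
        buf[idx] = val;
        return 1;
    }
    return 0;
}

int main(void)
{
    uint8_t buf[4] = {0}; /* constructed sample buffer */
    printf("in range: %d, out of range: %d\n",
           store_hardened(buf, 4, 2, 0x41), store_hardened(buf, 4, 9, 0x42));
    return 0;
}
```

Both functions behave identically architecturally; the difference only matters on the mispredicted path, which is why functional tests alone cannot tell them apart.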

In addition to the Spectre1.1 vulnerability, the security researchers have also introduced a Spectre1.2 flaw, another minor variant of the first Spectre vulnerability, which appears to affect CPUs that don’t enforce read/write protections and depends on lazy PTE enforcement.

— source news.softpedia.com
