Google and Microsoft Reveal New Spectre Attack
Both Google and Microsoft researchers discovered the bug independently. The bugs work similarly to the Meltdown and Spectre bugs, a reason why they were classified as ‘variant 3a’ and ‘variant 4’ instead of separate vulnerabilities altogether. Variant 3a is a variation of the Meltdown flaw, while Variant 4 is a new Spectre-like attack.
The most important of these two is Variant 4. Both bugs occur for the same reason —speculative execution— a feature found in all modern CPUs that has the role of improving performance by computing operations in advance and later discarding unneeded data. The difference is that Variant 4 affects a different part of the speculative execution process —the data inside the ‘store buffer’ inside a CPU’s cache.
Red Hat has published a YouTube video explaining how the bug affects modern CPUs.