Six months ago, we presented a webinar discussing a brand new class of security vulnerabilities targeting processor hardware called Meltdown and Spectre. In this webinar, we tried to explain that this is a new class of vulnerabilities and that, while Meltdown and Spectre were the first examples, it was only a question of time until we would see other attacks.
Fast forward to today and this prediction has proved to be spot on (not that it was that hard to predict) — we have over 10 different variants today. The list below is not complete — smaller variations that are not considered unique enough to have their own CVE number are not listed, for example SgxSpectre, BranchScope, MeltdownPrime and SpectrePrime…
| Vulnerability | CVE | Exploit name | Public vulnerability name |
|---|---|---|---|
| Spectre | 2017-5753 | Variant 1 | Bounds Check Bypass (BCB) |
| Spectre | 2017-5715 | Variant 2 | Branch Target Injection (BTI) |
| Meltdown | 2017-5754 | Variant 3 | Rogue Data Cache Load (RDCL) |
| Spectre-NG | 2018-3640 | Variant 3a | Rogue System Register Read (RSRE) |
| Spectre-NG | 2018-3639 | Variant 4 | Speculative Store Bypass (SSB) |
| Spectre-NG | 2018-3665 | – | Lazy FP State Restore |
| Spectre-NG | 2018-3693 | – | Bounds Check Bypass Store (BCBS) |
| Foreshadow | 2018-3615 | Variant 5 | L1 Terminal Fault (L1TF) |
Join Ryan McClure and me for our free, one-hour webinar on October 25, 2018, where we will focus on the latest family of these security vulnerabilities: L1 Terminal Fault/Foreshadow and Foreshadow-NG.
We will discuss how they work, the key differences among the three variants, what they mean for your Citrix infrastructure, how they impact user density, and the most effective strategies to minimize the impact. We will also discuss the impact on different hypervisors, methods to reclaim lost user density, and whether there are any changes to sizing guidelines from our field consulting.
If you want to learn more, please join us on October 25 as we discuss the latest developments in the hardware vulnerabilities drama — including a live Q&A session!
Martin Zugec & Ryan McClure