As discussed a few weeks ago, a new Spectre vulnerability has been shared and made public today. Earlier on it was reported that there are eight new vulnerabilities, grouped and named as Spectre-ng, of which four are critical. Today the Store Bypass (SSB) vulnerability has been published and effects Intel, AMD and ARM.
Researchers from Microsoft and Googles Project Zero now published information about one of the vulnerabilities, the so-called fourth variant Spectre vulnerability, which can cause security issues. A new subclass of speculative execution side channel vulnerabilities known as Speculative Store Bypass (SSB) has been announced and assigned CVE-2018-3639. Variant 4 uses speculative execution, a feature common to most modern processor architectures, to potentially expose certain kinds of data through a side channel. An attacker who has successfully exploited this vulnerability may be able to read privileged data across trust boundaries. Vulnerable code patterns in the operating system (OS) or in applications could allow an attacker to exploit this vulnerability.
There are now four (published) variants of the Spectre vulnerability that can be used to read memory in processors that is not intended for that application, and thus can be abused.