More Spectre-Style Chip Flaws Discovered in Intel Processors

From the IP mailing list:

More waves of patches to plug security holes in processors are on the way, after the discovery that Intel is working to patch more Spectre-style issues in its chips, with eight new vulnerabilities said to be found by security researchers following the Spectre and Meltdown fiasco from earlier this year.

Multiple research teams found the eight new security flaws in Intel’s CPUs, reports german publication c’t. It is claimed the discoveries are all caused by the same design-related issue, with each equipped with their own listing in the Common Vulnerability Enumerator (CVE) directory, and requiring their own patches.

As is typical for vulnerabilities, the researchers disclosed the issues to Intel, giving the chip producer time to create a patch before a public disclosure can occur. Google Project Zero, the search company’s own research team, is said to be quite strict about its 90-day disclosure deadline, meaning the first official disclosure of one of the flaws could happen as soon as May 7.

According to the report, Intel is planning two waves of patches to fix the problems, with the first set to start in May while a second is scheduled for sometime in August. It is also believed Microsoft is preparing its own patches, offered as optional Windows updates, while Linux kernel developers working on their own mitigation measures…