Speculative Store Bypass (SSB) (
CVE-
2018-3639) is the name given to a hardware security vulnerability and its exploitation that takes advantage of
speculative execution in a similar way to the
Meltdown and
Spectre security vulnerabilities.[1] It affects the
ARM,
AMD and
Intel families of processors. It was discovered by researchers at
Microsoft Security Response Center and
Google Project Zero (GPZ).[2] After being leaked on 3 May 2018 as part of a group of eight additional Spectre-class flaws provisionally named Spectre-NG,[3][4][5][6] it was first disclosed to the public as "Variant 4" on 21 May 2018, alongside a related speculative execution vulnerability designated "
Variant 3a".[7][1]
Details
Speculative execution exploit Variant 4,[8] is referred to as Speculative Store Bypass (SSB),[1][9] and has been assigned
CVE-
2018-3639.[7] SSB is named Variant 4, but it is the fifth variant in the Spectre-Meltdown class of vulnerabilities.[7]
"Quickly" load that value from that memory location
Utilize the value that was just read to disrupt the cache in a detectable way
Impact and mitigation
Intel claims that web browsers that are already patched to mitigate Spectre Variants 1 and 2 are partially protected against Variant 4.[7] Intel said in a statement that the likelihood of end users being affected was "low" and that not all protections would be on by default due to some impact on performance.[10] The Chrome JavaScript team confirmed that effective mitigation of Variant 4 in software is infeasible, in part due to performance impact.[11]
Intel is planning to address Variant 4 by releasing a
microcode patch that creates a new hardware flag named Speculative Store Bypass Disable (SSBD).[7][2][12] A
stable microcode patch is yet to be delivered, with Intel suggesting that the patch will be ready "in the coming weeks"[needs update].[7] Many operating system vendors will be releasing software updates to assist with mitigating Variant 4;[13][2][14] however, microcode/
firmware updates are required for the software updates to have an effect.[13]