
Other than quotes from an Intel (a.k.a. Chipzilla if you believe The Register) spokesperson announcing a quarterly disclosure cadence, the news here is the publication of CVE-2018-3693: “Speculative Buffer Overflows: Attacks and Defenses” by Vladimir Kiriansky and Carl Waldspurger:

We introduce Spectre1.1, a new Spectre-v1 variant that leverages speculative stores to create speculative buffer overflows. Much like classic buffer overflows, speculative out-of-bounds stores can modify data and code pointers. Data-value attacks can bypass some Spectre-v1 mitigations, either directly or by redirecting control flow. Control-flow attacks enable arbitrary speculative code execution, which can bypass fence instructions and all other software mitigations for previous speculative-execution attacks. It is easy to construct return-oriented-programming (ROP) gadgets that can be used to build alternative attack payloads.

We also present Spectre1.2: on CPUs that do not enforce read/write protections, speculative stores can overwrite read-only data and code pointers to breach sandboxes.
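The store gadget the abstract describes, next to the branchless index-masking defence that keeps a speculatively executed store inside the buffer, as an added C example (not code from the paper or from the comment above; `struct victim`, the function names and the 8-byte buffer are constructed for illustration, and the mask follows the same approach as the Linux kernel's array_index_mask_nospec helper rather than reproducing it):

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Returns all ones when index < size and zero otherwise, without a branch,
 * so there is no prediction for the CPU to get wrong. Same approach as the
 * Linux kernel's array_index_mask_nospec(); assumes size <= LONG_MAX. */
static unsigned long nospec_mask(unsigned long index, unsigned long size)
{
    return ~(long)(index | (size - 1UL - index)) >> (sizeof(long) * 8 - 1);
}

/* Constructed victim layout: a writable buffer followed by a code pointer that
 * a Spectre1.1-style speculative out-of-bounds store would land on. */
struct victim {
    unsigned char buf[8];
    void (*handler)(void);
};

/* Vulnerable shape: the bounds check is a conditional branch, so while the
 * branch is mispredicted the store can execute with idx >= 8 and transiently
 * clobber v->handler (architecturally it is squashed, but the damage was done). */
static void store_unhardened(struct victim *v, unsigned long idx, unsigned char val)
{
    if (idx < sizeof v->buf)
        v->buf[idx] = val;
}

/* Hardened shape: idx is forced to 0 whenever it is out of range, so even a
 * speculative store can only touch buf[0..7] and never the pointer after it. */
static void store_hardened(struct victim *v, unsigned long idx, unsigned char val)
{
    if (idx < sizeof v->buf) {
        idx &= nospec_mask(idx, sizeof v->buf);
        v->buf[idx] = val;
    }
}

/* The index the masked store actually uses, exposed so it can be checked. */
static unsigned long masked_index(unsigned long idx, unsigned long size)
{
    return idx & nospec_mask(idx, size);
}

int main(void)
{
    struct victim v = { {0}, NULL };
    store_unhardened(&v, 3, 0x41);
    store_hardened(&v, 5, 0x42);
    printf("masked 3 -> %lu, masked 12 -> %lu, buf[3]=0x%02x buf[5]=0x%02x\n",
           masked_index(3, 8), masked_index(12, 8), v.buf[3], v.buf[5]);
    return 0;
}
```

The masking only helps if the compiler keeps it branch-free; inspect the generated assembly for the hardened store before relying on it.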