New Spectre variants reportedly affect all Intel and AMD chips

News
By last updated

Researchers note that the new variants will be harder to mitigate

Spectre and meldown
(Image credit: Graz University of Technology)

Update: Intel has provided TechRadar Pro with the following statement.

Intel reviewed the report and informed researchers that existing mitigations were not being bypassed and that this scenario is addressed in our secure coding guidance. Software following our guidance already have protections against incidental channels including the uop cache incidental channel. No new mitigations or guidance are needed.”

Researchers have discovered multiple new variants of the Spectre exploits, affecting both Intel and AMD processors, that are not protected by existing mitigations.

Discovered by researchers from the University of Virginia and University of California San Diego, the vulnerabilities leak data via micro-op caches, which are meant to speed up processing by storing simple commands and allowing the processor to fetch them quickly and early in the speculative execution process. 

Worryingly, the researchers note there are currently no known mitigations for these new vulnerabilities. 

TechRadar needs you!

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window<<

The team reported its discovery to both Intel and AMD in April, and will now present their findings at the International Symposium on Computer Architecture (ISCA) conference next month.

Harder to mitigate

Venkat’s team discovered that hackers can steal data when a processor fetches commands from the micro-op cache.

“Think about a hypothetical airport security scenario where TSA lets you in without checking your boarding pass because (1) it is fast and efficient, and (2) you will be checked for your boarding pass at the gate anyway,” Venkat said. 

“A computer processor does something similar. It predicts that the check will pass and could let instructions into the pipeline. Ultimately, if the prediction is incorrect, it will throw those instructions out of the pipeline,” explains Venkat. 

He adds that by the time the processor decides to discard the instructions, it might be too late since these instructions might have left “side-effects” in the pipeline that can be exploited by an attacker to infer confidential information such as passwords.

Venkat adds that the current mitigations fail to protect against this new attack vector since all current Spectre defenses kick in at a later stage of speculative execution.

Furthermore, the researchers believe this new attack by way of the micro-op cache will be harder to mitigate.

“Patches that disable the micro-op cache or halt speculative execution on legacy hardware would effectively roll back critical performance innovations in most modern Intel and AMD processors, and this just isn’t feasible,” notes Ren, the lead student author.

Via Tom’s Hardware

TOPICS
Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Read more
An abstract image of a lock against a digital background, denoting cybersecurity.
Apple CPU security issue could let hackers steal user data from browsers
AMD logo
Security flaw means AMD Zen CPUs can be "jailbroken"
AMD Ryzen 5 7600X processor
AMD confirms processor security flaws after Asus patch slips out early
AMD logo
AMD patches high severity security flaw affecting Zen chips
Security
Intel slams Nvidia and AMD, claims chip giants have huge numbers of security flaws
The socket interface of the Intel Core Ultra processor
Got an Intel Core Ultra 200S CPU? These are the patches you need to help gaming performance – with one more update coming in January 2025
Latest in Pro
Google DeepMind panel discussion
“More sovereignty and protection” - Google goes all-in on UK AI with data residency, upskilling projects, and startup investments
A graphic showing someone on a tablet working through a supply chain.
Security issue in open source software leaves businesses concerned for systems
European Union technical background
EU tech companies push for digital sovereignty, reducing reliance on US and others
ransomware avast
One of the most powerful ransomware hacks around has been cracked using some serious GPU power
person at a computer
Infamous ransomware hackers reveal new tool to brute-force VPNs
Adobe Summit 2025
Adobe Summit 2025 - all the news and updates as it happens
Latest in News
Metroid Prime 4
I reckon the Nintendo Switch 2 could launch with Metroid Prime 4 – here’s why
Pebble smartwatch countdown
Pebble confirms its smartwatch announcement is just hours away
Logo of YouTube Shorts
Is YouTube auto-playing Shorts when you open the app? Well, you’re not alone - here’s how to fix it
Google DeepMind panel discussion
“More sovereignty and protection” - Google goes all-in on UK AI with data residency, upskilling projects, and startup investments
Nintendo Switch 2
Nintendo Switch 2 expected to have AI upscaling and I can't wait to finally play Tears of the Kingdom with upgraded graphics
PowerColor Red Devil AMD RX 9070 XT graphics card shown side-on
Your next GPU could be from AMD, not Nvidia, if Team Red’s success with PC gamers continues
More about pro
Minisforum AI X1 mini PC

Tiny Mac Mini rival can power four 8K monitors, and is the first mini PC to receive AMD's powerful Ryzen 7 260 APU
AOOSTAR G-FLIP mini PC

AMD powers the world's fastest all-in-one PC, and yes, I've probably overstretched the definition of AIO PC just a tiny bit
Metroid Prime 4

I reckon the Nintendo Switch 2 could launch with Metroid Prime 4 – here’s why
See more latest
Most Popular
Metroid Prime 4
I reckon the Nintendo Switch 2 could launch with Metroid Prime 4 – here’s why
Minisforum AI X1 mini PC
Tiny Mac Mini rival can power four 8K monitors, and is the first mini PC to receive AMD's powerful Ryzen 7 260 APU
AOOSTAR G-FLIP mini PC
AMD powers the world's fastest all-in-one PC, and yes, I've probably overstretched the definition of AIO PC just a tiny bit
26TB WD Red Pro HDD
Western Digital introduces 26TB WD Red Pro HDDs for RAID and NAS systems at a surprisingly low price
Logo of YouTube Shorts
Is YouTube auto-playing Shorts when you open the app? Well, you’re not alone - here’s how to fix it
Samsung HW-Q990D soundbar, subwoofer and rear speakers
Samsung's best Dolby Atmos soundbar is being bricked by a new update – here's what we know so far
Intel Lunar Lake concept
Intel's Panther Lake processors won't arrive until Q1 2026 - corroborates previous delay rumors despite former Intel CEO's promise of 2025 launch
A graphic showing someone on a tablet working through a supply chain.
Security issue in open source software leaves businesses concerned for systems
Pebble smartwatch countdown
Pebble confirms its smartwatch announcement is just hours away
Apple Watch Ultra 2 settings
I've been using an Apple Watch for 10 years – here are three common mistakes even I've made