Jump to content

Side-Channel Vulnerability Variants 3a and 4


Recommended Posts


Side-Channel Vulnerability Variants 3a and 4

Alert (TA18-141A)


Side-Channel Vulnerability Variants 3a and 4

Original release date: May 21, 2018 | Last revised: May 22, 2018

Systems Affected

CPU hardware implementations


On May 21, 2018, new variants of the side-channel central processing unit (CPU) hardware vulnerabilities known as Spectre and Meltdown were publicly disclosed. These variants—known as 3A and 4—can allow an attacker to obtain access to sensitive information on affected systems.


Common CPU hardware implementations are vulnerable to the side-channel attacks known as Spectre and Meltdown. Meltdown is a bug that "melts" the security boundaries normally enforced by the hardware, affecting desktops, laptops, and cloud computers. Spectre is a flaw that an attacker can exploit to force a CPU to reveal its data.


Variant 3a is a vulnerability that may allow an attacker with local access to speculatively read system parameters via side-channel analysis and obtain sensitive information.


Variant 4 is a vulnerability that exploits “speculative bypass.” When exploited, Variant 4 could allow an attacker to read older memory values in a CPU’s stack or other memory locations. While implementation is complex, this side-channel vulnerability could allow less privileged code to


    Read arbitrary privileged data; and

    Run older commands speculatively, resulting in cache allocations that could be used to exfiltrate data by standard side-channel methods.


Corresponding CVEs for Side-Channel Variants 1, 2, 3, 3a, and 4 are found below:


    Variant 1: Bounds Check Bypass – CVE-2017-5753
    Variant 2: Branch Target Injection – CVE-2017-5715
    Variant 3: Rogue Data Cache Load – CVE-2017-5754
    Variant 3a: Rogue System Register Read – CVE-2018-3640  
    Variant 4: Speculative Store Bypass – CVE-2018-3639


Side-Channel Vulnerability Variants 3a and 4 may allow an attacker to obtain access to sensitive information on affected systems.


NCCIC recommends users and administrators

    Refer to their hardware and software vendors for patches or microcode,
    Use a test environment to verify each patch before implementing, and
    Ensure that performance is monitored for critical applications and services.

        Consult with vendors and service providers to mitigate any degradation effects, if possible.

        Consult with Cloud Service Providers to mitigate and resolve any impacts resulting from host operating system patching and mandatory rebooting, if applicable.


The following table contains links to advisories and patches published in response to the vulnerabilities.

This table will be updated as information becomes available.

Link to Vendor Information    Date Added
AMD    May 21, 2018
ARM    May 21, 2018
Intel    May 22, 2018
Microsoft    May 21, 2018
Redhat    May 21, 2018


    Google Project Zero Blog
    Bounds Check Bypass – CVE-2017-5753
    Branch Target Injection – CVE-2017-5715
    Rogue Data Cache Load – CVE-2017-5754
    Rogue System Register Read – CVE-2018-3640
    Speculative Store Bypass – CVE-2018-3639
    TA18-004A – Meltdown and Spectre Side-Channel Vulnerability Guidance


    May 21, 2018: Initial version
    May 22, 2018: Added information and link to Intel in table




  • Thanks 2
Link to post

Please sign in to comment

You will be able to leave a comment after signing in

Sign In Now
  • Create New...