Intel processors hit by new high-risk vulnerabilities, first reactions from AMD and Intel

Eight new vulnerabilities - four of them high-risk - have found researchers in Intel processors. This is proven by information available exclusively to c't.

The previous processor attack scenarios Specter and Meltdown are just the tip of the iceberg: Intel processors contain eight other, previously unknown vulnerabilities , some of which are much more serious than Meltdown and Specter. The new vulnerabilities have already been assigned numbers in the Vulnerability Enumerator (CVE) directory; they probably also get their own names. Until they become known, let's summarize Specter Next Generation (Specter-NG).

CPU architecture as a problem

Users now rely on patches - and Intel needs to rethink its overall CPU design. In addition, the processor vendor has to provide more transparency than before - with risk analysis for potential vulnerabilities, for example.

[Update:] Intel's initial response is: "Protecting our customers' data and ensuring the safety of our products is a top priority at Intel, and we work closely with customers, partners, other chipmakers, and security researchers to understand issues This process also involves reserving blocks of CVE numbers, and we are confident in the concept of coordinated disclosure [of vulnerabilities] and will provide additional information on potential issues while we finalize safeguards To provide systems with updates continuously. "

Intel's original message: " Protecting our customers' data and ensuring the security of our products are critical priorities for us." We routinely work closely with customers, partners, and other people this process involves reserving blocks of CVE numbers. We are strongly in the value of Co-ordinating Disclosure. date. "

The company AMD is currently examining internally what information is available. AMD said on a request from the HEID: " Security and protecting users' data is of the utmost importance to AMD and we are aware of it speculative execution exploits We are looking into the matter and want to share information as appropriate . "

ARM, on the other hand, responded to the demand from c't with the answer that they did not want to comment.