Speculative processing, the technology exploited by the Meltdown and Spectre bugs, is vulnerable in yet another way, and the fix could impact your performance by 2-8 percent.
The exploit, named Speculative Store Bypass, was jointly disclosed by Google and Microsoft yesterday, and affects all major processors—Intel, AMD, and ARM. Intel said in a statement that modern web browsers are already patched thanks to Spectre fixes, and that system-wide patches have been sent to partners. Those patches, however, will affect performance, and will not be turned on by default.
Here’s Tom Warren, writing for The Verge:
Intel has already delivered microcode updates for Speculative Store Bypass in beta form to OEMs, and the company expects them to be more broadly available in the coming weeks. The firmware updates will set the Speculative Store Bypass protection to off-by-default, ensuring that most people won’t see negative performance impacts.
“If enabled, we’ve observed a performance impact of approximately 2-8 percent based on overall scores for benchmarks like SYSmark 2014 SE and SPEC integer rate on client 1 and server 2 test systems,” explains Leslie Culbertson, Intel’s security chief.
It’s up to users, then, to decide whether they want to prioritize security or performance. But how does this new exploit work? Here’s a simple to understand summary of the problem from Red Hat:
Image credit: Virgiliu Obada/Shutterstock.com