The Spectre and Meltdown Saga Continues : VARIANT 4 – A New Vulnerability Bug for Linux Kernel

May 23, 2018


I have been reading daily articles regarding cyber security, as my job is to stay up to date with the current vulnerabilities that are on the rise and still ongoing.

The Meltdown and Spectre incident early this year pushed companies worldwide to roll out the security mitigations needed to counter exploitation of the vulnerabilities that INTEL chip-sets were, sadly, “designed” with.

Now a new variant, identified by security researchers Ken Johnson and Jann Horn, has been disclosed to the public. Read the article here.

The vulnerability has been assigned CVE-2018-3639, and an update patch is already available.

The flaw lies in the processor's own speculative execution logic: a memory read may be executed speculatively before an earlier write to the same location has completed, so for a moment the read operates on stale data, including inside the Linux kernel.

If an expert attacker exploits this vulnerability, they can recover sensitive information from the machine by inferring, through a side channel, what those earlier memory operations left behind.

For sysadmins: to check whether your system is protected from Spectre Variant 4 (CVE-2018-3639), run

$ cat /sys/devices/system/cpu/vulnerabilities/spec_store_bypass

This command will return one of three possible results:

– Mitigation: Speculative Store Bypass disabled via prctl and seccomp — the system is protected.

– No such file or directory — the system is vulnerable to Spectre Variant 4 (the running kernel has no knowledge of this vulnerability).

– Vulnerable — the system lacks updated microcode or, for virtual machines, an updated hypervisor.
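As an added example that is not code from this post, here is a small C program that reads that sysfs file and turns the outcomes above into a pass/fail verdict an operator or a fleet-check script can act on. It goes slightly beyond the post's list: it also recognises the "Not affected" value the kernel reports on CPUs that do not have the bug, and it flags any text it cannot classify instead of guessing. The path is the one from the command above; the sample strings in the comments are constructed from the post's three cases.

```c
/* Added example (not from the post): classify the Spectre Variant 4 status
 * that the Linux kernel reports under
 * /sys/devices/system/cpu/vulnerabilities/spec_store_bypass. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define SSB_SYSFS_PATH "/sys/devices/system/cpu/vulnerabilities/spec_store_bypass"

enum ssb_status {
    SSB_NOT_AFFECTED,   /* kernel reports "Not affected" (CPU has no SSB bug) */
    SSB_MITIGATED,      /* kernel reports "Mitigation: ..." */
    SSB_VULNERABLE,     /* kernel reports "Vulnerable" (no microcode/hypervisor update) */
    SSB_NO_SYSFS_ENTRY, /* file missing: kernel predates the fix, treat as vulnerable */
    SSB_UNPARSED        /* text we did not recognise: inspect by hand */
};

/* Classify one line of sysfs text. NULL stands for "file not present". */
enum ssb_status ssb_classify(const char *text)
{
    if (text == NULL)
        return SSB_NO_SYSFS_ENTRY;
    if (strncmp(text, "Not affected", 12) == 0)
        return SSB_NOT_AFFECTED;
    if (strncmp(text, "Mitigation:", 11) == 0)   /* e.g. "Mitigation: Speculative Store Bypass disabled via prctl and seccomp" */
        return SSB_MITIGATED;
    if (strncmp(text, "Vulnerable", 10) == 0)
        return SSB_VULNERABLE;
    return SSB_UNPARSED;
}

/* Read the sysfs file at 'path' and classify its first line.
 * ENOENT is the "No such file or directory" case from the post. */
enum ssb_status ssb_check_file(const char *path)
{
    char line[256];
    FILE *f = fopen(path, "r");

    if (f == NULL)
        return errno == ENOENT ? SSB_NO_SYSFS_ENTRY : SSB_UNPARSED;
    if (fgets(line, sizeof line, f) == NULL) {
        fclose(f);
        return SSB_UNPARSED;
    }
    fclose(f);
    return ssb_classify(line);
}

/* Operator-facing verdict: only "Not affected" and "Mitigation: ..." are safe. */
int ssb_is_protected(enum ssb_status s)
{
    return s == SSB_NOT_AFFECTED || s == SSB_MITIGATED;
}

static const char *ssb_describe(enum ssb_status s)
{
    switch (s) {
    case SSB_NOT_AFFECTED:   return "not affected: CPU does not have the SSB bug";
    case SSB_MITIGATED:      return "protected: kernel reports a mitigation";
    case SSB_VULNERABLE:     return "VULNERABLE: install updated microcode / hypervisor";
    case SSB_NO_SYSFS_ENTRY: return "VULNERABLE: kernel has no SSB support, update the kernel";
    default:                 return "unrecognised status, inspect the file by hand";
    }
}

int main(void)
{
    enum ssb_status s = ssb_check_file(SSB_SYSFS_PATH);
    printf("%s: %s\n", SSB_SYSFS_PATH, ssb_describe(s));
    return ssb_is_protected(s) ? 0 : 1;   /* non-zero exit = needs attention */
}
```

The exit status makes it usable from configuration management or a cron job: a non-zero return means the host needs a kernel, microcode or hypervisor update. Matching on the "Mitigation:" prefix rather than the full string keeps the check valid on kernels that word the mitigation slightly differently.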

The security measures that were deployed against Spectre v2 will only protect the system from a handful of these exploits.

If machines have not yet received the update, system administrators can attempt to set certain kernel values manually to mitigate Speculative Store Bypass.

The kernel needs to be built with the following feature turned on:

Speculative Store Bypass Disable (SSBD), exposed through the IA32_SPEC_CTRL Model-Specific Register (MSR) on x86 processors.

This protection also requires updated microcode for Intel processors.

In Ubuntu the mitigation is turned off by default, since not every application or service on the system needs it.

BUT the PR_SPEC_STORE_BYPASS control (set via prctl) lets developers opt into the mitigation on a per-process basis. Applications that use seccomp (a system-call filter) are opted in automatically.

Examples include the Firefox and Chromium browsers, LXD containers and other sandboxed processes.
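To show what the per-process opt-in looks like from a developer's side, here is an added C example (not code from the post or from Ubuntu) that uses prctl(2) with PR_SET_SPECULATION_CTRL and PR_SPEC_STORE_BYPASS, the control the post refers to, to disable the bypass for the calling process and then reads the state back with PR_GET_SPECULATION_CTRL. It assumes a Linux kernel that carries the Variant 4 fix; on an older kernel the call fails with EINVAL, and when the mitigation is forced on or off globally it fails with ENXIO, both of which the code reports rather than hides. The #define fallbacks carry the constants' values from the kernel's linux/prctl.h for libc headers that predate them.

```c
/* Added example (not from the post): opt the current process into the
 * Speculative Store Bypass mitigation with prctl(2) and read the state back.
 * Linux-only; needs a kernel with the CVE-2018-3639 fix. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Older libc headers may lack these; the values match linux/prctl.h. */
#ifndef PR_SET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#endif
#ifndef PR_SPEC_STORE_BYPASS
#define PR_SPEC_STORE_BYPASS  0
#define PR_SPEC_NOT_AFFECTED  0
#define PR_SPEC_PRCTL         (1UL << 0)
#define PR_SPEC_ENABLE        (1UL << 1)
#define PR_SPEC_DISABLE       (1UL << 2)
#define PR_SPEC_FORCE_DISABLE (1UL << 3)
#endif

/* Current SSB state of this process as a PR_SPEC_* bitmask, or -errno. */
long ssb_get_state(void)
{
    long r = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
    return r < 0 ? -errno : r;
}

/* Opt in: ask the kernel to disable speculative store bypass for this
 * process; children inherit the setting. Returns 0 or -errno.
 *   EINVAL: running kernel predates this interface
 *   ENXIO : kernel is not in prctl/seccomp mode (mitigation forced globally
 *           on or off, e.g. via spec_store_bypass_disable=) */
int ssb_opt_in(void)
{
    if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0) != 0)
        return -errno;
    return 0;
}

/* Decode a PR_GET_SPECULATION_CTRL result. Mind the kernel's naming:
 * PR_SPEC_DISABLE means the *bypass* is disabled, i.e. the mitigation is on. */
const char *ssb_state_name(long state)
{
    if (state < 0)
        return "query failed";
    if (state == PR_SPEC_NOT_AFFECTED)
        return "not affected";
    if (state & PR_SPEC_FORCE_DISABLE)   /* what seccomp-filtered processes get */
        return "mitigation on (bypass force-disabled, cannot be re-enabled)";
    if (state & PR_SPEC_DISABLE)
        return "mitigation on (store bypass disabled)";
    if (state & PR_SPEC_ENABLE)
        return "mitigation off (store bypass allowed)";
    return "unrecognised state";
}

int main(void)
{
    long before = ssb_get_state();
    int rc;

    printf("before opt-in: %s\n", ssb_state_name(before));
    rc = ssb_opt_in();
    if (rc != 0)
        fprintf(stderr, "opt-in failed: %s\n", strerror(-rc));
    printf("after opt-in:  %s\n", ssb_state_name(ssb_get_state()));
    return rc == 0 ? 0 : 1;
}
```

Build with `cc -o ssb_optin ssb_optin.c` and run it twice, once normally and once under a seccomp-filtered wrapper, to see the automatic opt-in the post describes: the seccomp case already reports the bypass as force-disabled before the program asks for anything.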

System-wide SSBD mitigation can be enabled by booting with the spec_store_bypass_disable=on boot parameter.

The kernels need to be recompiled with the following value turned ON: Speculative Store Bypass Disable (SSBD) in the IA32_SPEC_CTRL Model-Specific Register (MSR) section of x86 processors.
