
Spectre-NG Multiple new Intel CPU flaws revealed, several serious - ftf22
https://www.heise.de/ct/artikel/Exclusive-Spectre-NG-Multiple-new-Intel-CPU-flaws-revealed-several-serious-4040648.html
======
maltalex
Possibly not a hoax. Intel published this today [0]:

> Protecting our customers’ data and ensuring the security of our products are
> critical priorities for us. We routinely work closely with customers,
> partners, other chipmakers and researchers to understand and mitigate any
> issues that are identified, and part of this process involves reserving
> blocks of CVE numbers. We believe strongly in the value of coordinated
> disclosure and will share additional details on any potential issues as we
> finalize mitigations. As a best practice, we continue to encourage everyone
> to keep their systems up-to-date.

Also, AnandTech seems to have picked up the story [1] half an hour ago,
although it seems to rely on heise.de's report.

[0]: [https://newsroom.intel.com/articles/addressing-questions-
reg...](https://newsroom.intel.com/articles/addressing-questions-regarding-
additional-security-issues/)

[1]: [https://www.anandtech.com/show/12712/spectre-watch-more-
spec...](https://www.anandtech.com/show/12712/spectre-watch-more-spectreclass-
vulnerabilities-to-be-announced-soon)

------
wallnuss
Also the report (in German) [1] that the original release deadline was May
7th, but Intel has asked for another 14 days of leniency.

[1] [https://www.heise.de/security/meldung/Spectre-NG-Intel-
versc...](https://www.heise.de/security/meldung/Spectre-NG-Intel-verschiebt-
die-ersten-Patches-koordinierte-Veroeffentlichung-aufgeschoben-4043790.html)

------
dzdt
I missed any more serious discussion on this. Was there another more active
thread?

------
ComodoHacker
Why are they not disclosing assigned CVE numbers? Is there any risk in it?

~~~
craftyguy
Seriously. Until there's a CVE, this may just be an attempt to influence stock
price.

~~~
jlgaddis
Coming from c't and heise, I would be _very_ surprised if that were the case.
Both are very credible, IMO.

------
LinuxBender
Is this by chance another hoax, or an attempt to get people to stop patching?
I can not find any credible details.

~~~
ygra
c't is a reputable German computer magazine. The chances of this being a hoax
are slim, I'd say.

~~~
LinuxBender
Fair enough. I am looking forward to them sharing a detailed analysis. As
ComodoHacker mentioned, I too would like to see the CVE details or
placeholder.

~~~
davrosthedalek
In the German comment section, the author of the article says they
contemplated adding the CVE numbers, but decided against to protect the
source. He promises to add them at a later date.

