The US CERT has issued a vulnerability warning for new SPECTRE variants that are based more on hardware designs and the need for O/S processing to take new pathways to avoid side channel memory compromise issues

TA18-141A: Side-Channel Vulnerability Variants 3a and 4

CPU hardware implementations— known as Spectre and Meltdown—are vulnerable to side-channel attacks. Meltdown is a bug that “melts” the security boundaries normally enforced by the hardware, affecting desktops, laptops, and cloud computers. Spectre is a flaw that an attacker can exploit to force a CPU to reveal its data.

Spectre Variant 3a is a vulnerability that may allow an attacker with local access to speculatively read system parameters via side-channel analysis and obtain sensitive information.

Spectre Variant 4 is a vulnerability that exploits “speculative bypass.” When exploited, Variant 4 could allow an attacker to read older memory values in a CPU’s stack or other memory locations. While implementation is complex, this side-channel vulnerability could allow less privileged code to

Read arbitrary privileged data

Run older commands speculatively, resulting in cache allocations that could be used to exfiltrate data by standard side-channel methods.

Corresponding CVEs for Side-Channel Variants 1, 2, 3, 3a, and 4 are found below:

Variant 1: Bounds Check Bypass – CVE-2017-5753
Variant 2: Branch Target Injection – CVE-2017-5715
Variant 3: Rogue Data Cache Load – CVE-2017-5754
Variant 3a: Rogue System Register Read – CVE-2018-3640 
Variant 4: Speculative Store Bypass – CVE-2018-3639