At least eight new variants of the Spectre vulnerability have been discovered and will be surfacing soon. One was found by Google's Project Zero team, which famously publishes details of the vulnerabilities it discovers ninety days after reporting them to the vendor, regardless of whether patches are available. For that one, time's up on Monday, May 7.
Some of the vulnerabilities are more consequential or more easily exploited than others. One is reported to cause a serious problem for host systems running virtual machines: malware running inside a VM can break out into the host or into other VMs on the same host.
“Exclusive: Spectre-NG — Multiple New Intel CPU Flaws Revealed, Several Serious”
Jürgen Schmidt, c't, May 3, 2018
One of the Spectre-NG flaws simplifies attacks across system boundaries to such an extent that we estimate the threat potential to be significantly higher than with Spectre. Specifically, an attacker could launch exploit code in a virtual machine (VM) and attack the host system from there, for example the server of a cloud hosting provider. Alternatively, it could attack the VMs of other customers running on the same server. Passwords and secret keys for secure data transmission are highly sought-after targets on cloud systems and are acutely endangered by this vulnerability. Intel's Software Guard Extensions (SGX), which are designed to protect sensitive data on cloud servers, are also not Spectre-safe.
Although attacks on other VMs or the host system were already possible in principle with Spectre, the real-world implementation required so much prior knowledge that it was extremely difficult. However, the aforementioned Spectre-NG vulnerability can be exploited quite easily for attacks across system boundaries, elevating the threat potential to a new level. Cloud service providers such as Amazon or Cloudflare and, of course, their customers are particularly affected.