The Meltdown and Spectre CPU Exploits

2018 is starting off as a bad year for AMD, ARM, and Intel—mostly Intel. Researchers revealed earlier this week that virtually all CPUs made in the last two decades are vulnerable to hardware-based exploits that aren’t easy to fix, especially without significant performance penalties. Initially, there was just one exploit, based on Intel’s CPU architecture and its ability to execute instructions speculatively, that is, essentially out of order. This helps modern CPUs in significant ways and is a fundamental part of CPU design.

Unfortunately, two primary attacks based on these fundamental CPU design principles have come to light, one significantly more serious than the other: Meltdown and Spectre. Here’s what you need to know about each.

What are Meltdown and Spectre?

Fundamentally, both exploits rely on similar core concepts. All modern processors use various features and techniques, including out-of-order execution (OOOE), branch prediction, and speculative execution, to improve performance. However, all of these can end up executing code that shouldn’t be allowed to run. The hardware guarantees that the final architectural result will be correct, discarding any results from code that shouldn’t have run. The problem is that OOOE and speculative execution have side effects: they can change the state of the CPU cache, and cache timing attacks can then be used to pull ‘secrets’ (data from RAM) out of the cache.

What is Meltdown?

Meltdown is an exploit that affects Intel CPUs at least since 2011. It leverages elements of out-of-order execution to cause a change in the cache state of a CPU, and then uses that to dump the contents of memory that should normally be inaccessible. It may affect many other CPUs as well, basically anything that uses OOOE, which includes all Intel CPUs back to the original Pentium Pro (excluding Itanium and Atom before 2013), and AMD CPUs from a similar time period. While the current full implementation of Meltdown does not work on AMD and ARM CPUs, there are indications that further modification of the code could allow a similar attack to work on AMD and ARM processors. The KPTI (and similar) patches that have been deployed for Windows, OS X, and Linux largely mitigate the problem, though there are still some less critical remaining concerns. It’s important to note that many of these exploits aren’t actually new:
“The fact that hardware optimizations can change the state of micro-architectural elements, and thereby imperil secure software implementations, is known since more than 20 years. Both industry and the scientific community so far accepted this as a necessary evil for efficient computing.”
What has changed is that Meltdown is a working attack vector on many Intel CPUs. The good news is that all the major operating systems should already be patched to mitigate problems.
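Since the patches only help if they are actually active, the practical check is to ask the operating system which mitigations it is running. On Linux kernels 4.15 and later the kernel publishes per-variant status under /sys/devices/system/cpu/vulnerabilities/ (files named meltdown, spectre_v1 and spectre_v2). The following POSIX shell script is an added example, not part of the original article: it classifies those status strings and reports the live status of the host; the sample strings in demo() are constructed in the kernel's format rather than captured from a real machine.

```shell
#!/bin/sh
# Classify one line read from /sys/devices/system/cpu/vulnerabilities/<variant>.
# The kernel writes one of: "Not affected", "Vulnerable[: detail]", "Mitigation: <detail>".
classify_status() {
  case "$1" in
    "Not affected"*) echo "not-affected" ;;
    "Mitigation: "*) echo "mitigated" ;;
    "Vulnerable"*)   echo "vulnerable" ;;
    *)               echo "unknown" ;;
  esac
}

# Report the live status for Meltdown and both Spectre variants, if the kernel exposes it.
# Returns 1 when the sysfs directory is missing (kernel older than 4.15 or not Linux).
report_live() {
  dir=/sys/devices/system/cpu/vulnerabilities
  if [ ! -d "$dir" ]; then
    echo "sysfs vulnerability reporting not available (kernel older than 4.15?)"
    return 1
  fi
  for variant in meltdown spectre_v1 spectre_v2; do
    [ -r "$dir/$variant" ] || continue
    raw=$(cat "$dir/$variant")
    printf '%-10s %-13s %s\n' "$variant" "$(classify_status "$raw")" "$raw"
  done
}

# Constructed sample lines (not from a real host) showing how each form is classified.
demo() {
  for s in "Mitigation: PTI" "Vulnerable" "Not affected" "Mitigation: Full generic retpoline"; do
    printf '%-40s -> %s\n' "$s" "$(classify_status "$s")"
  done
}

demo
report_live || true
```

A host whose meltdown file reads "Mitigation: PTI" is running the KPTI patch the article refers to; "Vulnerable" means the kernel knows about the issue but no mitigation is in effect.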