{"id":201,"date":"2018-02-09T11:53:51","date_gmt":"2018-02-09T11:53:51","guid":{"rendered":"https:\/\/www.tsfactory.com\/forums\/blogs\/?p=201"},"modified":"2021-09-23T06:31:05","modified_gmt":"2021-09-23T06:31:05","slug":"everything-you-need-to-know-about-meltdown-spectre","status":"publish","type":"post","link":"https:\/\/www.tsfactory.com\/forums\/blogs\/everything-you-need-to-know-about-meltdown-spectre\/","title":{"rendered":"Everything You Need to Know About Meltdown & Spectre"},"content":{"rendered":"

Everything You Need to Know About Meltdown & Spectre<\/b><\/p>\n

What are Meltdown and Spectre?<\/b><\/p>\n

Meltdown and Spectre are software viruses that take advantage of recently discovered computer hardware security vulnerabilities. They are the result of a hardware design flaw that was originally found to be present in all Intel chips made in the last 20 years.<\/span><\/p>\n


\n<\/span>This flaw essentially allows rogue programs<\/span><\/a> to access the contents of protected kernel memory areas of the computer\u2019s processors. The Meltdown and Spectre exploits have the potential to allow attackers to gain access to critical data previously considered completely protected.<\/span>
\n<\/span><\/p>\n

Meltdown<\/b>
\n<\/span>
\n<\/span>Meltdown is so-called because it figuratively ‘melts’ the security boundaries normally enforced by chip hardware that protect sections of the memory. Essentially it’s able to spy on data it shouldn’t have access to.<\/span>
\n<\/span>
\n<\/span>Spectre, on the other hand, derives its name from speculative execution, which involves a chip attempting to get a headstart on what a user might want from it. For instance, if the program a user is running follows an ‘if X, then Y’ rule, then if a user chooses to perform X, the chip must then work on carrying out Y. A chip performing speculative execution would start carrying out Y before the user chooses to perform X, to get a headstart on computation. Doing so leaks data that should stay confidential.<\/span><\/p>\n

Spectre<\/b>
\n<\/span>
\n<\/span>A Spectre attack requires more intimate knowledge of the victim program’s inner workings, and doesn’t allow access to other programs’ data, but will also work on just about any computer chip out there.<\/span>
\n<\/span>
\n<\/span>Spectre’s name also derives from the fact that it will be much trickier to stop \u2014 while patches are starting to become available, other attacks in the same family will no doubt be discovered. That’s the other reason for the name: Spectre will be haunting us for some time.<\/span>
\n<\/span>
\n<\/span>The official Spectre website (<\/span>yes, there is one<\/span><\/a>) states that while Spectre is harder to exploit than Meltdown, it is also harder to mitigate. It breaks the isolation between different applications and allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. However, it is possible to prevent specific known exploits based on Spectre through software patches.<\/span>
\n<\/span>
\n<\/span>Who is affected?<\/b>
\n<\/b><\/p>\n

Short answer: Pretty much everybody.<\/span>
\n<\/b><\/p>\n

Meltdown only affects Intel processors and at the moment, it is unclear whether AMD processors are also affected. ARM says some of its processors are also affected.<\/span>
\n<\/span>
\n<\/span>Spectre is much more widespread, however. Almost every system is affected by Spectre, including desktops, laptops, cloud servers, and even smartphones. More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable, that means all popular operating systems, including Windows, Linux, and macOS are affected.<\/span><\/p>\n

A huge variety of devices, from laptops to smartphones to servers, are therefore theoretically affected. <\/span>The assumption going forward should be that any untested device should be considered vulnerable<\/span><\/a>.<\/span><\/p>\n

How are VMs affected?<\/b><\/p>\n

All those vulnerabilities affect infrastructure with untrusted VMs. If <\/span>you run your on-premise\/isolated “cloud”<\/span><\/a>, you are relatively safe (still losing one “defence” anyway). This must be a reminder that even on the cloud, your applications still run on some hardware.<\/span><\/p>\n

XenServer<\/b><\/p>\n

Meltdown on XenServer<\/span><\/i><\/p>\n

Meltdown is using a design flaw into Intel CPUs only. This is called by Xen sec team “SP3” (aka rogue data cache load). You are impacted only if you are using:<\/span><\/p>\n