Last updated: 10 Jan 2018
On 4 January 2018, news broke concerning a pair of CPU vulnerabilities that seemingly affect pretty much all computers. The security flaws, named Meltdown and Spectre, were discovered by security researchers at Google’s Project Zero and are present in processors designed by Intel, AMD and ARM.
Meltdown exploits side effects of out-of-order (‘speculative’) execution on modern processors to read arbitrary kernel-memory locations, including personal data and passwords. [1]
Spectre attacks involve inducing a victim to speculatively perform operations that would not occur during correct program execution and which leak the victim’s confidential information via a side channel to the adversary. [2]
Revelations about Meltdown and Spectre have caused havoc and left a critical mass of confusion in their wake. Not only are they complex vulnerabilities, but the fixes that do exist have arrived in patchwork fashion. There is also no single fix for the Meltdown and Spectre attack variants; each one requires its own protection.
What does it actually mean for you?
Our advice is to avoid trying to understand the intricacies of it all, as you'll go stir crazy. It's a processor problem. So replace your processor, and in the meantime make sure you apply the OS, software and firmware patches appropriate to you, to help mitigate this class of vulnerability.
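One way to confirm that the OS-level patches are actually active on a Linux host, as an added example that is not part of the original post: kernels from 4.15 onwards export one status line per variant under /sys/devices/system/cpu/vulnerabilities/ (spectre_v1, spectre_v2 and meltdown), and the small program below reads and classifies them. The enum and function names are this example's own; the exact wording of the status lines beyond the "Not affected", "Mitigation:" and "Vulnerable" prefixes is assumed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not code from the original article. Reads the per-variant
 * mitigation status that Linux 4.15+ kernels export under
 * /sys/devices/system/cpu/vulnerabilities/, which is how to confirm on a host
 * that KPTI (Variant 3) and retpoline or microcode (Variant 2) are active.
 * The enum and function names are this example's own. */

enum mitigation_state { MIT_UNKNOWN = 0, MIT_NOT_AFFECTED, MIT_MITIGATED, MIT_VULNERABLE };

/* Classify one sysfs status line: "Not affected", "Mitigation: <name>" or
 * "Vulnerable[: detail]". Anything else, including a missing file on an
 * unpatched kernel, is MIT_UNKNOWN, which must be treated as "not confirmed"
 * rather than as safe. */
enum mitigation_state classify_status(const char *line)
{
    if (line == NULL)
        return MIT_UNKNOWN;
    if (strncmp(line, "Not affected", 12) == 0)
        return MIT_NOT_AFFECTED;
    if (strncmp(line, "Mitigation:", 11) == 0)
        return MIT_MITIGATED;
    if (strncmp(line, "Vulnerable", 10) == 0)
        return MIT_VULNERABLE;
    return MIT_UNKNOWN;
}

const char *state_name(enum mitigation_state s)
{
    switch (s) {
    case MIT_NOT_AFFECTED: return "not affected";
    case MIT_MITIGATED:    return "mitigated";
    case MIT_VULNERABLE:   return "VULNERABLE";
    default:               return "unknown (no sysfs entry: kernel too old or unpatched)";
    }
}

/* Read the status line for one variant into buf (newline stripped).
 * Returns 1 on success, 0 if the file cannot be opened or read. */
int read_sysfs_status(const char *variant, char *buf, size_t len)
{
    char path[256];
    FILE *f;

    snprintf(path, sizeof path, "/sys/devices/system/cpu/vulnerabilities/%s", variant);
    f = fopen(path, "r");
    if (f == NULL)
        return 0;
    if (fgets(buf, (int)len, f) == NULL) {
        fclose(f);
        return 0;
    }
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return 1;
}

enum mitigation_state host_status(const char *variant)
{
    char buf[128];
    if (!read_sysfs_status(variant, buf, sizeof buf))
        return MIT_UNKNOWN;
    return classify_status(buf);
}

/* Returns 1 only when every listed variant reads as mitigated or not
 * affected; any unknown or vulnerable entry fails the check. */
int host_fully_mitigated(const char *const *variants, size_t count)
{
    for (size_t i = 0; i < count; i++) {
        enum mitigation_state s = host_status(variants[i]);
        if (s != MIT_MITIGATED && s != MIT_NOT_AFFECTED)
            return 0;
    }
    return 1;
}

int main(void)
{
    static const char *const variants[] = { "spectre_v1", "spectre_v2", "meltdown" };
    size_t n = sizeof variants / sizeof variants[0];

    for (size_t i = 0; i < n; i++)
        printf("%-10s : %s\n", variants[i], state_name(host_status(variants[i])));
    printf("all mitigated: %s\n", host_fully_mitigated(variants, n) ? "yes" : "no");
    return 0;
}
```

Note that the sysfs entries only tell you what the running kernel believes; a firmware (microcode) update that has not been loaded, or a kernel booted with mitigations disabled, will show up here, but an application compiled without Variant 1 fixes will not, since that is a per-binary matter.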
Some useful additional info/links:
- Variant 1 (CVE-2017-5753), “bounds check bypass”. This vulnerability affects specific sequences within compiled applications, which must be addressed on a per-binary basis.
- Variant 2 (CVE-2017-5715), “branch target injection”. This variant may either be fixed by a CPU microcode update from the CPU vendor, or by applying a software mitigation technique called “Retpoline” to binaries where concern about information leakage is present. This mitigation may be applied to the operating system kernel, system programs and libraries, and individual software programs, as needed.
- Variant 3 (CVE-2017-5754), “rogue data cache load”. This may require patching the system’s operating system. For Linux there is a patchset called KPTI (Kernel Page Table Isolation) that helps mitigate Variant 3. Other operating systems may implement similar protections; check with your vendor for specifics.
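What "addressed on a per-binary basis" means for Variant 1 in practice, as an added example that is not code from the original post or from any of the vendors named: the code shape the bounds check bypass targets is a bounds check followed by a load that depends only on the branch, and the fix is to clamp the index with a branch-free mask so that even a mispredicted check cannot feed an out-of-bounds index into the load. The mask below is modelled on the Linux kernel's array_index_nospec(); the table contents are constructed sample data and the function names are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not code from the original article. Shows the Variant 1
 * (CVE-2017-5753) code shape and the per-binary "index masking" mitigation
 * modelled on the Linux kernel's array_index_nospec(). Table contents are
 * constructed sample data; function names are this example's own. */

#define TABLE_SIZE 16
static const uint8_t table[TABLE_SIZE] = {
    3, 1, 4, 1, 5, 9, 2, 6, 5, 3, 5, 8, 9, 7, 9, 3 };

/* Before: architecturally correct, but the load depends only on the branch.
 * While the branch outcome is still a prediction the CPU may execute
 * table[index] for an index the check will later reject. */
uint8_t lookup_unmasked(size_t index, size_t size)
{
    if (index < size)
        return table[index];
    return 0;
}

/* Returns SIZE_MAX (all bits set) when index < size and 0 otherwise, using
 * arithmetic only, so there is no second branch to mispredict. Requires the
 * top bit of both index and size to be clear, true for any real array bound. */
static inline size_t index_mask_nospec(size_t index, size_t size)
{
    /* size - index - 1 wraps to a value with its top bit set exactly when
     * index >= size, so the OR has its top bit set only for out-of-bounds. */
    size_t oob = (index | (size - index - 1)) >> (sizeof(size_t) * 8 - 1);
    return oob - 1;  /* 0 -> SIZE_MAX, 1 -> 0 */
}

/* After: the bounds check stays for correctness; the mask makes the index the
 * load actually uses safe regardless of how the branch was predicted. */
uint8_t lookup_masked(size_t index, size_t size)
{
    if (index < size) {
        index &= index_mask_nospec(index, size);
        return table[index];
    }
    return 0;
}

int main(void)
{
    size_t probes[] = { 0, 7, TABLE_SIZE - 1, TABLE_SIZE, 1000 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        size_t idx = probes[i];
        printf("index %4zu: %-9s unmasked=%u masked=%u\n", idx,
               index_mask_nospec(idx, TABLE_SIZE) ? "in-bounds" : "clamped",
               (unsigned)lookup_unmasked(idx, TABLE_SIZE),
               (unsigned)lookup_masked(idx, TABLE_SIZE));
    }
    return 0;
}
```

The architectural results of the two lookups are identical, which is why this is a speculation fix rather than a logic fix. Two caveats for anyone applying it: an optimising compiler is free to turn the mask back into a branch, which is why the kernel's version pins the computation with inline assembly and why the vendor guidance above talks about per-binary, compiler-assisted mitigation; and this only protects the load it is applied to, so every such sequence in a binary has to be found and masked individually.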
We recommend reading their Summary/Mitigation table.
Here are the technical papers:
Keep your business secure with Secarma
We believe that the security of your critical networks and data is key to your organisation’s success. Whatever your sector, whatever your size, our mission is to help you to seize the competitive advantages of providing your clients with security, compliance, and reliability.