Questions tagged [meltdown]

A side-channel vulnerability affecting Intel x86 and a few ARM-based microprocessors that allows user processes to read memory belonging to the kernel. It affects various OSes, including Linux, OS X, and Windows. Published in January 2018.

The attack exploits timing differences in out-of-order instruction execution, coupled with a privilege escalation vulnerability specific to Intel processors, due to which speculatively executed instructions can bypass memory protection mechanisms. Meltdown allows user processes to read memory belonging to the kernel or other processes. In particular, it breaks the security between virtual machines running on the same host.

See full attack details at https://meltdownattack.com

See our canonical question on this site at Meltdown and Spectre Attacks

95 questions
171 votes, 3 answers

Meltdown and Spectre Attacks

Canonical question regarding the 2018 Jan. disclosed Meltdown and Spectre Attacks. Other identical or significantly similar questions should be closed as a duplicate of this one. Main concerns What is speculative execution and what does it…
M'vy
68 votes, 2 answers

What are the risks of not patching a server or hypervisor for Meltdown?

The patch for Meltdown is rumoured to incur a 30% performance penalty, which would be nice to avoid if possible. So this becomes a Security vs Performance risk-assessment problem. I am looking for a rule-of-thumb for assessing the risk of not…
Mike Ounsworth
55 votes, 4 answers

Spectre/meltdown on a GPU

Are GPUs vulnerable to spectre/meltdown attacks, since they have most of what makes CPUs attackable? Is there any information in the VRAM, that would cause trouble if it was stolen?
Bálint
53 votes, 3 answers

Is it true that meltdown and spectre were intended as debug tools?

I heard from a guy that's involved in low-level (assembler, C for drivers and OSes) programming, that meltdown and spectre weren't actually vulnerabilities discovered only so recently, but they were openly known as debug tools. It seems quite…
Antek
48 votes, 3 answers

Are new Intel CPUs vulnerable to Meltdown/Spectre?

Has Intel released any information about new processors? According to their advisory a number of processors are susceptible, but it says nothing about when new processors will be fixed. Also Meltdown and Spectre Vulnerabilities has no answers…
bitmask
48 votes, 1 answer

How to mitigate Meltdown in Docker images?

On https://meltdownattack.com/ it is suggested that (in some cases?) scenarios with Docker containers are also vulnerable. I'm a developer using Docker for two different purposes: Images used for running build steps in GitLab CI/CD A few images…
Jeroen
36 votes, 6 answers

On Windows boxes, is patching for Spectre and Meltdown necessary?

From what I've read, Spectre and Meltdown each require rogue code to be running on a Windows box in order for attacks to take place. The thing is, once a box has rogue code running, it's already compromised. Given that the Microsoft patches for…
26 votes, 1 answer

Meltdown and Virtual Machines

This question originated from a discussion about VMs not being vulnerable to Meltdown. Can Meltdown "break out" of a virtual machine, so to speak? What is meant by this is: Can a program (with any access and privilege level desired) within a…
NH.
26 votes, 1 answer

Which attacks are known that exploit the vulnerability known as Spectre?

As reported yesterday the Linux and Windows kernels will receive a security update pretty soon to close vulnerabilities that concern 'kernel memory leaking'. What exactly the design flaw is, that was probably identified at the end of 2017, is…
Tom K.
25 votes, 6 answers

How do I check if KPTI is enabled on linux?

The Meltdown attack FAQ says that KPTI is the fix for linux. How do I check if KPTI is running/enabled?
Shelvacu
16 votes, 2 answers

Are new AMD processors more secure than Intel ones?

Since the discovery of Meltdown and Spectre, CPU security has been compromised and trust to the main manufacturers reduced, particularly Intel. 8 months later I wonder, what CPUs are more secure at this moment? Why? Have the patches achieved the…
user3770060
14 votes, 1 answer

Is anyone seeing a performance decrease after applying recent kernel patch fixing Meltdown and Spectre?

Our company has a lot of CPU intensive operations on our servers, so the performance decrease is a concern for the organization. We did the benchmarks, and it seems that performance is almost not affected. Initially it was stated that performance…
14 votes, 1 answer

Was Meltdown/Spectre discovered in 1991 or 1995?

Wikipedia mentions this paper without going into details: The Intel 80x86 Processor Architecture: Pitfalls for Secure Systems: As mentioned in the preceding scenario, caches present potential for covert timing channels. Even without MSRs for…
chx
14 votes, 3 answers

Should Virtual Machines be patched for Meltdown and Spectre?

In Meltdown and Virtual Machines it was clarified that at least Spectre works crossing VMs. This of course means that the Hypervisor must be patched, but Should the VM OS be patched as well? Not being real CPUs it is not clear if they are directly…
Envite
13 votes, 2 answers

Why are CPUs designed in a way so the "meltdown" exploit works?

I'm trying to wrap my head around "meltdown", but to first understand it, I've been trying to understand memory accesses. From what I understand, the CPU attempts to look up the virtual address in the translation lookaside buffer, which indicates…
Clinton