Questions tagged [meltdown]

A side-channel vulnerability affecting Intel x86 and a few ARM-based microprocessors that allows user processes to read memory belonging to the kernel. It affects various OSes, including Linux, OS X, and Windows. Published in January 2018.

The attack exploits timing differences in out-of-order instruction execution, coupled with a privilege escalation vulnerability specific to Intel processors, due to which speculatively executed instructions can bypass memory protection mechanisms. Meltdown allows user processes to read memory belonging to the kernel or other processes. In particular, it breaks the security between virtual machines running on the same host.

See full attack details at https://meltdownattack.com

See our canonical question on this site at Meltdown and Spectre Attacks

95 questions
13 votes, 1 answer

Are Meltdown and Spectre only exploitable with compiled code?

Is a system vulnerable where the only untrusted code is interpreted, JIT'd, or executed in a VM as bytecode? Does it depend on the language? Compiler? Or, do attacks depend on the attacker loading very specific, compiled instructions onto the…
svidgen
13 votes, 1 answer

How does Meltdown/Spectre impact Intel SGX?

I've been reading about Meltdown and Spectre today, and I'm wondering if they impact Intel SGX enclaves. Now, my understanding of Meltdown is somewhat hazy, but AFAICT it does not impact secure enclaves, because it relies on the kernel being mapped…
strugee
12 votes, 1 answer

What are the risks of not patching a workstation OS for Meltdown?

Assume the following: macOS (but not sure that matters that much) workstation, mostly gets new executables from the app store or open source repos through macports homebrew fair bit of loading JS, Python and Ruby scripts, again from repos. (the…
11 votes, 2 answers

Does recent Intel hardware mitigate Meltdown at the hardware level?

Recently a security researcher made the following claim via Twitter (emphasis added): If you're running Windows, I'm about to publish a tool that checks if you have the "Variant 3: rogue data cache load (CVE-2017-5754)" aka #Meltdown patches…
Alexander O'Mara
9 votes, 3 answers

How can CPU designers prevent information leaks from speculated execution?

We know about short-term measures to mitigate the Meltdown and Spectre vulnerabilities in certain microprocessors where speculative execution has measurable effects on cache timings (mainly patches to microcode, operating systems and any…
Toby Speight
8 votes, 1 answer

Intel firmware/microcode updates that make processors "immune" to both Spectre and Meltdown?

Recently Intel has claimed the following in a press release (emphasis added): SANTA CLARA, Calif., Jan. 4, 2018 — Intel has developed and is rapidly issuing updates for all types of Intel-based computer systems — including personal computers and…
Alexander O'Mara
8 votes, 1 answer

Mitigating Meltdown by checking the faulting address in every page fault?

Short question Would checking if the faulting address for every page fault points to kernel memory reliably detect an attempted Meltdown exploit, on systems that lack Intel TSX (and thus cannot suppress exceptions)? The Linux kernel do_page_fault()…
forest
8 votes, 3 answers

Why is accessing kernel memory a security risk?

A lot of the news regarding the Meltdown vulnerability is emphasizing that it allows programs to read memory that should be off limits to the user. While I understand that this should not happen, few sources have explained exactly how accessing…
Rob Rose
7 votes, 2 answers

Can Javascript engines that run on the JVM be used to implement the Spectre exploit?

I see that Chrome and Mozilla have added mitigations into their javascript engines for the Spectre vulnerabilities (CVE-2017-5753 & CVE-2017-5715). However I can't find anything regarding javascript engines that run on the JVM for example Rhino and…
Jamesy82
6 votes, 1 answer

How risky would it be to run a Linux kernel without Spectre and Meltdown patches on a regular desktop system?

What would happen if we adopted: https://make-linux-fast-again.com/ Assume the system is used for development and general browsing. Are there any cases of these vulnerabilities being exploited in the wild, (especially by websites)?
rep_movsd
6 votes, 2 answers

Spectre/Meltdown - Does memory deallocation erase the actual RAM contents?

The other day I've been thinking about Spectre and Meltdown and the ability of one process to access the memory of another. On my Linux system currently I have all JavaScript disabled to eliminate the possibility of some JS program to access memory…
george
6 votes, 3 answers

Spectre and Meltdown being used in large scale attack on unpatched systems

Do we have to be worried about Spectre and Meltdown being used for a large scale attack like Wannacry? Even though the patches coming out are being deployed to most recent systems, there will inevitably be A LOT of systems that won't be patched.…
A. C. A. C.
6 votes, 2 answers

Why do CPUs operate speculatively with results of forbidden memory fetches?

By my understanding, the Meltdown and Spectre attacks both exploit the fact that some modern processors, when given something like: if (x < arr1[y]) z = arr2[arr3[x]*256]; may sometimes fetch the value of arr2[arr3[x] * 256] before they have…
supercat
5 votes, 1 answer

Can speculative execution on Intel CPU be disabled?

In the light of all the recent Intel vulnerabilities with speculative execution, can speculative execution be fully disabled to protect from all these vulnerabilities, from BIOS or OS kernel? Maybe stupid question, but is it possible?
user3604665
5 votes, 1 answer

Are mitigations for Spectre and Meltdown needed in the VMs for dynamic languages other than JavaScript?

Mitigations for Spectre and Meltdown are being added to the JavaScript VMs in Chrome, Firefox, IE/Edge and WebKit. Are similar mitigations also needed in the VMs for other dynamic languages? For example, I assume mitigations are needed in LuaJIT…
user200783