IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [meltdown]

A side-channel vulnerability affecting Intel x86 and few ARM-based microprocessors allowing user processes to read memory belonging to the kernel. Affects various OSes like Linux, OS X, and Windows. Published in January 2018.

A side-channel vulnerability affecting Intel x86 and few ARM-based microprocessors allowing user processes to read memory belonging to the kernel. Affects various OSes like Linux, OS X, and Windows. Published in January 2018.

The attack exploits timing differences in out-of-order instruction execution, coupled with a privilege escalation vulnerability specific to Intel processors, due to which speculatively executed instructions can bypass memory protection mechanisms. Meltdown allows user processes to read memory belonging to the kernel or other processes. In particular, it breaks the security between virtual machines running on the same host.

See full attack details at https://meltdownattack.com

See our canonical question on this site at Meltdown and Spectre Attacks

95 questions
5
votes
1 answer

Why were Meltdown and Spectre disclosed at the same time?

Both the Meltdown and Spectre vulnerabilities were publicly disclosed on January 3, 2018. (6 days ahead of the originally planned January 9). Since their public reveal, there has been some confusion between the two vulnerabilities and what the…
Stevoisiak
  • 1,515
  • 1
  • 11
  • 27
5
votes
1 answer

Reducing resolution of timers as mitigation against Meltdown and Spectre

I have read that Firefox' current mitigation against Meltdown and Spectre (from 57.x) consists of the following: The resolution of performance.now() will be reduced to 20µs. The SharedArrayBuffer feature is being disabled by default. Is it…
Drux
  • 371
  • 1
  • 2
  • 10
5
votes
2 answers

Are VIA CPUs vulnerable to Spectre/Meltdown attacks?

I couldn't find any information about the recently published Spectre/Meltdown attacks affecting VIA CPUs. Are they also affected by this vulnerabilities?
ml_
  • 153
  • 4
5
votes
1 answer

What was state of the art knowledge on security of speculative evaluation when it was introduced to Intel CPUs?

Many sources claim that almost all Intel x86 CPUs back to Pentium Pro are vulnerable to the Meltdown attack. Pentium Pro was introduced to the market in 1995. What was the state of the art knowledge on security of speculative evaluation, the basis…
liori
  • 161
  • 4
5
votes
1 answer

Do I need to patch Linux for Meltdown/Spectre if the hypervisor has been patched, and I trust the guest?

If I'm running a VM on Amazon EC2 or Microsoft Azure, and they've patched the underlying hypervisor, do I need to upgrade my Linux kernel to protect against Meltdown or Spectre? Assume that I'm not running any untrusted software in my VM. I know…
Roger Lipscombe
  • 2,307
  • 3
  • 14
  • 20
4
votes
2 answers

Will patching a higher layer protect against the spectre/meltdown vulnerability in a lower layer?

The question I am about to ask is similar to the following question: Do I need to patch Linux for Meltdown/Spectre if the hypervisor has been patched, and I trust the guest? However, I would like to take the question a bit further or a bit deeper.…
John K. N.
  • 141
  • 5
4
votes
2 answers

Why and where was Meltdown made public before schedule for the first time?

Originally, Meltdown and Spectre had a coordinated disclosure date of January 9, 2018. Some vendors were preparing to release fixes at that time, and were caught by surprise when the vulnaribilities were made public earlier (as described here, for…
Zoltan
  • 274
  • 2
  • 8
4
votes
2 answers

What is the expected performance impact/loss of meltdown/spectre patches?

The patches related to the mitigation of meltdown and spectre attacks, have they caused significant and noticeable slow down of execution in systems they have been applied to?
ng.newbie
  • 265
  • 2
  • 6
4
votes
1 answer

Are Meltdown and Spectre exploitable on 32-bit Linux platforms?

All of the information I've seen thus far on Meltdown and Spectre explicitly reference 64-bit platforms. What about 32-bit (specifically RHEL/CentOS)? I would assume that's also vulnerable but can someone confirm if that's the case?
Mike B
  • 3,336
  • 4
  • 29
  • 39
4
votes
3 answers

Do the Spectre and Meltdown CPU bugs affect AMD in addition to Intel?

If a server or or PC is running AMD CPUs, will those be affected by the Spectre and/or Meltdown bugs currently effecting Intel chips? Why or why not? What makes it affect one and not the other? How does architecture play a role?
TestinginProd
  • 908
  • 3
  • 9
  • 14
4
votes
3 answers

A POWER7 processor on IBM i is currently vulnerable to Meltdowm or Spectre

All the updates on available linux systems have already been made. But I also have an IBM i (AS400) server, I have not heard in the news. But obviously it is more lucrative for news channels to inform about intel, amd or ARM. Since POWER processors…
jasilva
  • 143
  • 5
4
votes
3 answers

What do speculative execution patches protect me from?

There are a barrage of patches coming out, both at the application and OS levels for the recently disclosed speculative execution attacks against various vulnerabilities in CPUs from AMD, ARM, and Intel. I don't fully understand the attacks nor am…
n00b
  • 445
  • 2
  • 13
4
votes
1 answer

Can I disable access to JS APIs in the browser such as highres timers?

In the wake of recent news of CPU bugs like Meltdown and Spectre which rely on precise(-ish) measurments of elapsed time, I find myself in the mood for disabling things like window.performance.now() in my browser (apart from other mitigations,…
kralyk
  • 161
  • 3
4
votes
2 answers

What is the relationship between the GPZ research titles and Meltdown and Spectre?

I learned today that there were three vulnerabilities reported by Google Project Zero: bounds check bypass, branch target injection and rogue cache data load. Here is the AMD response to them:…
juhist
  • 273
  • 1
  • 6
3
votes
0 answers

How to select a CPU to buy for the best security?

Various versions of Spectre, Meltdown, Foreshadow and ZombieLoad make it quite the jungle trip to navigate which CPUs are affected, how to mitigate them. Right now, my problem is that I need a new computer but I want to make sure that I buy the most…
Teekin
  • 131
  • 3
1 2
3
4 5 6 7