Questions tagged [meltdown]

A side-channel vulnerability affecting Intel x86 and a few ARM-based microprocessors that allows user processes to read memory belonging to the kernel. Affects various OSes such as Linux, OS X, and Windows. Published in January 2018.

The attack exploits timing differences in out-of-order instruction execution, coupled with a privilege-escalation flaw specific to Intel processors in which speculatively executed instructions can bypass memory protection checks. Meltdown allows user processes to read memory belonging to the kernel or to other processes. In particular, it breaks the isolation between virtual machines running on the same host.

See full attack details at https://meltdownattack.com

See our canonical question on this site at Meltdown and Spectre Attacks

95 questions
3
votes
2 answers

Why must Meltdown use probe array?

This is a code snippet of the Meltdown assembly language code:

    ; rcx = kernel address, rbx = probe array
    xor rax, rax
    retry:
    mov al, byte [rcx]
    shl rax, 0xc
    jz retry
    mov rbx, qword [rbx + rax]

Meltdown uses an array of pages…
M. Kalter
  • 35
  • 4
3
votes
1 answer

How to fix Spectre variant 3a and variant 4?

How can I fix CVE-2018-3640 [rogue system register read] aka 'Variant 3a' and CVE-2018-3639 [speculative store bypass] aka 'Variant 4'? My status for them is VULNERABLE. I have an Intel CPU and am using kernel 4.17. I read on a site there is a framework…
user183433
  • 31
  • 1
3
votes
1 answer

Meltdown and Spectre regarding Firewalls and Sandboxing

I don't deeply understand Meltdown and Spectre -- all I know is that they are basically keylogging-like vulnerabilities within the CPU, which bypass any application layer stuff; correct me if I'm wrong. I want to know the following: Why is…
izb3st
  • 39
  • 1
3
votes
1 answer

Adobe Flash and Meltdown / Spectre

Many browsers have received updates to protect against the Meltdown and Spectre attacks. I presume these patches relate (solely) to JavaScript execution within the browser. Java in the browser is as good as dead, so that's not affected. But even…
3
votes
1 answer

Is microcode physically able to mitigate Meltdown?

I am aware that there is no microcode fix for Meltdown available (it has already been answered in various questions), and that the only extant microcode patches (IBRS and IPBP) only help with one of the Spectre variants, but I would like to know if…
forest
  • 64,616
  • 20
  • 206
  • 257
3
votes
1 answer

Meltdown - PoC - Reading physical address with KASLR disabled does not work

Working with this PoC https://github.com/IAIK/meltdown

Running it:

    # ./secret
    [+] Secret: Sample text
    [+] Virtual address of secret: 0x4af528
    [+] Physical address of secret: 0x172bc3528
    [+] Exit with Ctrl+C if you are done reading the…
dev
  • 937
  • 1
  • 8
  • 23
3
votes
2 answers

How does the side channel actually access the contents of kernel memory in Meltdown?

In the Meltdown paper it mentions that it can identify the kernel memory address being accessed. The part I don't understand is how the FLUSH+RELOAD channel works to identify what the contents of the memory address in the L1 cache lines are. How does it…
Dale
  • 133
  • 3
3
votes
1 answer

Are MCUs (like Arduinos) affected by Meltdown?

I am curious if microcontrollers are affected by the vulnerabilities of Meltdown and Spectre. These devices are not specifically CPUs, and do not run operating systems per se. I'm not really sure I understand the whole speculative execution attack,…
j0h
  • 301
  • 2
  • 6
3
votes
1 answer

Are Meltdown and Spectre complementary and used together?

Meltdown and Spectre have both been announced at the same time, almost always in the same sentence. Is there a connection, other than timing and the fact that they attack chips? Are they used together in tandem to exploit a system? Or is it just…
Goose
  • 1,394
  • 1
  • 11
  • 17
3
votes
2 answers

How are exploits like Meltdown and Spectre noticed?

From the brief research that I have done, both Meltdown and Spectre were primarily found by the same person (Jann Horn (Google Project Zero)). How are such exploits normally noticed/found?
2
votes
1 answer

Is Meltdown/Spectre mitigation necessary in virtual machine as well as in hypervisor?

I am running virtual machines in kvm/qemu hypervisor. The hypervisor has Meltdown/Spectre mitigation enabled in kernel. Is it necessary that virtual machines have the Meltdown/Spectre mitigation enabled as well, or is the protection provided by the…
Martin Vegter
  • 1,826
  • 4
  • 27
  • 39
2
votes
2 answers

Can someone explain in layman's terms how Spectre and Meltdown expose protected data?

I'm working on a document about them and I think I understand in general what happens -> by exploiting the CPU's memory caching and speculative execution, but I'm a little lost on how protected data is actually exposed. So if I understand speculative…
PruitIgoe
  • 123
  • 4
2
votes
1 answer

Mitigation of Spectre and Meltdown affecting host OS from guest OS (Virtualbox)

I don't know all the details of Spectre and Meltdown, but the way I understand it is that they allow reading from memory, not writing to it. Also, I read that at least Spectre can get out of the virtual machine and therefore also affect the host OS.…
reed
  • 15,398
  • 6
  • 43
  • 64
2
votes
1 answer

Privacy implications of Intel CPU backdoors

I didn't follow all the episodes about backdoors in Intel CPUs. What can intelligence or law enforcement agencies potentially do on a computer equipped with a vulnerable Intel CPU (connected to the Internet but not directly - behind a router)? Can…
user18362
  • 21
  • 2
2
votes
2 answers

Should I wait until Spectre and Meltdown are fixed in hardware?

I have a Laptop that needs replacing due to age. I will be using this laptop for desktop use, including Office Apps, Development, Running VMs & Web Browsing. I will be using separation using Qubes/Xen, KVM or Virtualbox. Note: Laptop won't be…