Questions tagged [meltdown]

A side-channel vulnerability affecting Intel x86 and a few ARM-based microprocessors that allows user processes to read memory belonging to the kernel. Affects various OSes such as Linux, OS X, and Windows. Published in January 2018.

The attack exploits timing differences in out-of-order instruction execution, coupled with a privilege escalation vulnerability specific to Intel processors, due to which speculatively executed instructions can bypass memory protection mechanisms. Meltdown allows user processes to read memory belonging to the kernel or other processes. In particular, it breaks the security between virtual machines running on the same host.

See full attack details at https://meltdownattack.com

See our canonical question on this site at Meltdown and Spectre Attacks

95 questions
2
votes
1 answer

how did the meltdown attack break KASLR in 128 steps for a target machine with 8GB RAM with 40bit randomization on a 64bit machine?

In the official Meltdown paper the authors broke KASLR in 128 steps at worst. Unable to understand how they came down to that number. Paper for reference
yolob 21
2
votes
0 answers

Meltdown - Reading processes info from leaked memory

Found this video: https://www.youtube.com/watch?v=De4rBaAdKNA In the video Meltdown is used to read process memory based on PID/name. How is it done? The program looks for task_struct in leaked memory and parses data out of it, based on struct…
dev
2
votes
1 answer

Spectre: Problem with Understanding POC - Reading data from cache

I understand the vulnerability (Spectre) and, in theory, what the PoC does. But I do not understand the part of the PoC where it reads or identifies the data from the cache, between lines 86 - 108. I know that the PoC is reading the data from the…
user104787
2
votes
1 answer

Meltdown and Spectre vs. dcache timing and dcache leak issues

I've heard an expert (or "expert") laugh the current focus on Meltdown and Spectre off by arguing that dcache timing and dcache leak issues have been known and around for years (so nothing new there ...) Does such belittlement have (some) merit or…
Drux
2
votes
1 answer

Could Meltdown/Spectre be exploited from C#/.Net (or other managed languages or the Midori OS)?

First off, yes, the correct answer is patch your OS/system. That aside: Do the memory-managed features of a language like C# prevent it from being used to exploit the Meltdown security bug? What about if you use the unsafe keyword? Bonus…
DeltaTango
2
votes
2 answers

Is there a microcode or other hardware fix for Meltdown?

Linked to my question here, the MS support page states In addition to installing the January security update, a processor microcode update is required. But previous articles I've read said there are no microcode fixes possible, which is exactly…
Darren
1
vote
2 answers

Are Haswell CPUs still secure? Do they still get microcode updates?

I have a Dell laptop with a Haswell CPU, and the recent Retbleed vulnerabilities made me think how vulnerable it is in general. The whitepaper implies Haswell quite a lot, but it wasn't tested. I keep my microcode package up-to-date, but it seems…
schaman
1
vote
1 answer

Are CPU side-channel attacks still a concern on VPSs?

I've been looking into getting a VPS to run an OpenVPN server on and a few other things. I've been speaking to a hosting company and they have sent me this screenshot to show they are protected against all currently known exploits on their…
Letal1s
1
vote
1 answer

Does enabling SharedArrayBuffers via service worker headers create Spectre vulnerability?

In browsers, use of SharedArrayBuffer is restricted to sites with the following HTTP headers because otherwise it exposes vulnerabilities to Spectre and Meltdown. Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin If…
ultraGentle
1
vote
1 answer

Is protecting against Meltdown and Spectre on virtual servers actually possible?

I've been reading into the Meltdown and Spectre bugs recently and the issues they cause for virtualised servers, as memory in one VM can potentially be accessed by another user in a separate VM with the same host. I found this article on…
Letal1s
1
vote
2 answers

Can a meltdown attack also violate data integrity of other processes or is it just violating data secrecy?

Can a meltdown attack also violate data integrity of other processes by obtaining different passwords or is it just violating data secrecy by reading data it is unauthorized to do?
1
vote
0 answers

Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR

I'm trying to understand and perform the Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR. The authors have released the proof-of-concept code. I'm trying to run the attack on my Intel Haswell machine, using Linux Ubuntu 20.04,…
1
vote
1 answer

Are small SOC chips also affected by Meltdown and Spectre?

How can I find out if a given CPU is affected by the Meltdown and Spectre bugs? My CPU is relatively old, and it is a SOC chip: AMD GX-412TC SOC. I was not able to find whether these chips also use speculative…
400 the Cat
1
vote
0 answers

How would one compare Cache Allocating Technology against MIT's Dynamically Allocated Way Guard for prevention of the Spectre side-channel Attack?

Upon research, I'm finding it difficult to identify a way to compare each solution. Is it correct to say both solutions are software based? Therefore, could I compare overall PC performance with each software implementation?
Chris
1
vote
1 answer

Application-level protection against Meltdown, Spectre, Foreshadow, Fallout, Zombieload

Is it possible to develop an application in such a way that its data in memory can't be stolen by recent attacks such as Meltdown, Spectre, Foreshadow, Fallout, Zombieload? All mitigations focus on patching hardware, BIOS or OS. But could sensitive…
Silver