Questions tagged [meltdown]

A side-channel vulnerability affecting Intel x86 and a few ARM-based microprocessors, allowing user processes to read memory belonging to the kernel. Affects various OSes such as Linux, OS X, and Windows. Published in January 2018.

The attack exploits timing differences in out-of-order instruction execution, coupled with a privilege escalation vulnerability specific to Intel processors, due to which speculatively executed instructions can bypass memory protection mechanisms. Meltdown allows user processes to read memory belonging to the kernel or other processes. In particular, it breaks the security between virtual machines running on the same host.

See full attack details at https://meltdownattack.com

See our canonical question on this site at Meltdown and Spectre Attacks

95 questions
1 vote, 0 answers

Software mitigation for variant 3a (rogue system register read) and variant 4 (speculative store bypass)

AFAIK, all mitigable meltdown / spectre variants have software mitigation except for variant 3a and 4. Why is this the case? For variant 4, a straightforward software mitigation is to place lfence before all memory load operations. However,…
Alex Vong
1 vote, 0 answers

Nessus ADV180002: Microsoft SQL Server January 2018 Security Update (Meltdown) (Spectre)

I have a MS Server 2012 r2 running ArcServe 17.5, which uses MSSQL Server Express 2014. When Nessus runs a scan of this system, I am getting the plugin 105613 - ADV180002: Microsoft SQL Server January 2018 Security Update (Meltdown) (Spectre). I…
mappingman
1 vote, 2 answers

What is the significance of Spectre and Meltdown?

Reading up on Spectre and Meltdown attacks again, I don't get why they were hyped so much. These are cache attacks that take advantage of the instruction pipeline processing implementation in addition to the cache implementation. So this is just…
stflow
1 vote, 2 answers

What to do against Spectre-1, Spectre-2 and Meltdown on Linux and Windows in 01/2018?

How to handle Spectre-1, Spectre-2 and Meltdown for now, in 01/2018? It can almost never be wrong to do the following: stay up to date with your browser and OS (e.g. Linux kernel update); update anti-virus software if installed; be careful. But is there…
Kutsubato
1 vote, 2 answers

Spectre, Meltdown to read SSH keys

I've got a VPS running on Ubuntu, accessed through SSH, passwordless and with a public key. Can Spectre and Meltdown be used to compromise it in order to get access remotely, e.g. by reading the private key stored on the server?
microwth
1 vote, 1 answer

How does the CPU cache side-channel attack fit into the background of the Meltdown vulnerability?

NOTE: I know there are similar questions out there, namely this one, but that answer is just an extract from the original paper, which didn't clarify the attack. Additionally I can see from the answers there is some meaningful discussion going on, so I will…
Sajuuk
1 vote, 2 answers

Meltdown & UEFI

I've been trying to understand the risk of an unprotected BIOS being the victim of a UEFI attack using Meltdown, and what the risks are compared to the bug being unpatched in the OS. What is required in order to insert UEFI malware? Is this possible…
JLo
1 vote, 1 answer

Meltdown - Reading Process Memory Data

Tried this PoC: https://github.com/mniip/spectre-meltdown-poc, which works for the sys_call_table. I was able to read the syscall sys_read address. I wanted to test it with a sample program to read the value of the memory, but in this case it does not…
dev
1 vote, 1 answer

How can a userspace Linux process refer to a kernel address?

I would like help understanding a particular aspect of Meltdown. My understanding is that the Meltdown bug can be used by a userspace Linux process to access kernel memory (indirectly, through a timing side channel). Listing 2 in the Meltdown paper…
river
1 vote, 1 answer

Can one sidestep Meltdown/Spectre vulnerabilities by not installing new software on a server?

Is it possible to not install new programs on a server and sidestep any Meltdown/Spectre vulnerabilities, because it is only a newly identified issue? I have an SLES server that runs a fixed database load. It's an Intel Xeon on AWS (hvm) VPC in a…
Dinesh
1 vote, 2 answers

How does the Intel CPU design flaw affect us?

Today, I saw this in the news. I'm hesitant to install the fix, because I've heard it would slow down IO by 50%, which is not acceptable for me. But a guy said that the flaw allows JavaScript in the browser to steal your information. Is this true? Worst…
Mithril
0 votes, 1 answer

Understanding the Meltdown vulnerability

I need to write a simple program that demonstrates a race condition. I picked the Meltdown vulnerability. I want to clarify something. I'm following this explanation…
0 votes, 1 answer

Is there any class of systems where it is safe to disable Spectre and Meltdown patches?

I was not able to find a definite answer to the question of whether it is safe to disable Spectre and Meltdown vulnerabilities, but I could find articles that suggest the defaults might be revisited, and Windows seems to allow the disabling of these. Does…
0 votes, 0 answers

Secure code makes exploitation easier with CPU vulnerabilities?

I researched CPU vulnerabilities in the past, such as Spectre and Meltdown. I read that one of those attacks is made easier if the code is written a certain way. I cannot remember if it was related to being efficiently written, securely written, or some…
user5623335
0 votes, 0 answers

Meltdown checker says AWS and Rackspace are vulnerable - Why?

Today I was curious how my VMware environment stacked up against Spectre and Meltdown, so I ran spectre-meltdown-checker. It came back clean with 7 of 8 variants OK (the failed one is apparently not possible to exploit under VMware). Then I was…
user3280964