Questions tagged [spectre]

A side-channel vulnerability affecting modern microprocessors that perform branch prediction, such as Intel, AMD, Sparc V9, ARM and PowerPC CPUs, which allows user processes to read memory belonging to other processes. It affects a wide range of operating systems, including Linux, OS X, AIX, Solaris and Windows. Published in January 2018.

The attack exploits speculative instruction execution that results from CPU branch prediction, coupled with traditional cache timing attacks in order to learn the contents of another process' memory space.

See full attack details at https://spectreattack.com

See our canonical question on this site at Meltdown and Spectre Attacks

94 questions
5 votes, 1 answer

Reducing resolution of timers as mitigation against Meltdown and Spectre

I have read that Firefox' current mitigation against Meltdown and Spectre (from 57.x) consists of the following: The resolution of performance.now() will be reduced to 20µs. The SharedArrayBuffer feature is being disabled by default. Is it…
Drux
5 votes, 6 answers

what fails in speculative execution that allows the read of memory out of bounds in Spectre vulnerability vs. normal CPU behaviour?

Following Google's Project Zero blog entry for Spectre/Meltdown, there's this piece of code that exemplifies the attack: struct array { unsigned long length; unsigned char data[]; }; struct array *arr1 = ...; /* small array */ struct array…
circulosmeos
5 votes, 2 answers

Are VIA CPUs vulnerable to Spectre/Meltdown attacks?

I couldn't find any information about the recently published Spectre/Meltdown attacks affecting VIA CPUs. Are they also affected by these vulnerabilities?
ml_
5 votes, 1 answer

Do I need to patch Linux for Meltdown/Spectre if the hypervisor has been patched, and I trust the guest?

If I'm running a VM on Amazon EC2 or Microsoft Azure, and they've patched the underlying hypervisor, do I need to upgrade my Linux kernel to protect against Meltdown or Spectre? Assume that I'm not running any untrusted software in my VM. I know…
Roger Lipscombe
5 votes, 1 answer

Can Spectre be fixed in future hardware simply by purging CPU caches?

As far as I understand it, Spectre is caused by speculative execution not completely undoing all side effects of an incorrect branch prediction (specifically, not undoing a CPU cache write). Doesn't that mean that it would be relatively simple to…
strugee
4 votes, 0 answers

What kind of attacks can hardware level memory encryption protect from?

Both AMD and Intel have introduced memory encryption at the hardware level. AMD calls this Secure Memory Encryption (SME), with the Intel version being Total Memory Encryption (TME). What kind of attacks can this technology protect from, and what…
Steve Sether
4 votes, 1 answer

Sacrificing 30% of my CPU performance (by disabling Hyper-Threading) to fully mitigate CPU vulnerabilities, necessary?

I used the spectre-meltdown-checker, version 0.42, without any option resulting in all-green results. But, in a help page, I found the --paranoid switch, which resulted in about a half of later CVEs to become red. I read what it told me, that for…
LinuxSecurityFreak
4 votes, 2 answers

Will patching a higher layer protect against the spectre/meltdown vulnerability in a lower layer?

The question I am about to ask is similar to the following question: Do I need to patch Linux for Meltdown/Spectre if the hypervisor has been patched, and I trust the guest? However, I would like to take the question a bit further or a bit deeper.…
John K. N.
4 votes, 2 answers

Why and where was Meltdown made public before schedule for the first time?

Originally, Meltdown and Spectre had a coordinated disclosure date of January 9, 2018. Some vendors were preparing to release fixes at that time, and were caught by surprise when the vulnerabilities were made public earlier (as described here, for…
Zoltan
4 votes, 2 answers

What is the expected performance impact/loss of meltdown/spectre patches?

The patches related to the mitigation of meltdown and spectre attacks, have they caused significant and noticeable slow down of execution in systems they have been applied to?
ng.newbie
4 votes, 1 answer

Are Meltdown and Spectre exploitable on 32-bit Linux platforms?

All of the information I've seen thus far on Meltdown and Spectre explicitly reference 64-bit platforms. What about 32-bit (specifically RHEL/CentOS)? I would assume that's also vulnerable but can someone confirm if that's the case?
Mike B
4 votes, 3 answers

Do the Spectre and Meltdown CPU bugs affect AMD in addition to Intel?

If a server or PC is running AMD CPUs, will those be affected by the Spectre and/or Meltdown bugs currently affecting Intel chips? Why or why not? What makes it affect one and not the other? How does architecture play a role?
TestinginProd
4 votes, 3 answers

A POWER7 processor on IBM i is currently vulnerable to Meltdown or Spectre

All the updates on available Linux systems have already been made. But I also have an IBM i (AS400) server, I have not heard in the news. But obviously it is more lucrative for news channels to inform about Intel, AMD or ARM. Since POWER processors…
jasilva
4 votes, 1 answer

Can I disable access to JS APIs in the browser such as highres timers?

In the wake of recent news of CPU bugs like Meltdown and Spectre which rely on precise(-ish) measurements of elapsed time, I find myself in the mood for disabling things like window.performance.now() in my browser (apart from other mitigations,…
kralyk
4 votes, 2 answers

What is the relationship between the GPZ research titles and Meltdown and Spectre?

I learned today that there were three vulnerabilities reported by Google Project Zero: bounds check bypass, branch target injection and rogue cache data load. Here is the AMD response to them:…
juhist