Vulnerabilities: Meltdown and Spectre
Meltdown and Spectre are two recently uncovered flaws that affect a variety of mainstream computer processors; Intel, AMD, and ARM have all been affected. Major technology companies such as Apple and Microsoft have also expressed concern over the vulnerabilities. The issue revolves around speculative execution, the technique modern processors use to maximize performance.
Speculative execution works by having the processor attempt to execute instructions before it is certain they are needed; if the guess is correct the work is already done and the system runs faster, and if it is incorrect the results are discarded.
The speculation leaves behind measurable traces that, when monitored correctly, reveal how certain operations occur and how long they take, and from that data properties can be inferred. This raises concerns because, for instance, password data stored in a browser could be stolen by a malicious script running in the background; this type of exploit could also be used to amplify the damage done by another security flaw.
What is the Meltdown Vulnerability?
Meltdown is one of the two recently announced vulnerabilities and affects almost every Intel processor and many high-performance ARM processors. What makes Meltdown a big concern for manufacturers and users is the ease with which it can be exploited; when exploited, Meltdown lets a malicious user read large amounts of kernel data. The kernel is the program at the core of the operating system, with almost complete control over the computer's systems, so reading its memory can reveal a great deal about the computer and the operating system.
Although Meltdown is easy to exploit, safeguards are also easy to put in place. The safeguard suggested in most instances is to reduce the sharing between the kernel and user programs, though this may not always be practical since it costs performance. By limiting or removing the sharing between these two areas, the kernel data is protected and Meltdown can be guarded against.
What is the Spectre Vulnerability?
The second vulnerability that has come to light is Spectre, which affects Intel, AMD, and ARM processors; it is believed that processors outside these three product lines that use speculative execution may also be affected.
Spectre exploits a weakness that allows an attacker to read the memory of a single process and to attack the branch predictors within that process; the branch predictor guesses which direction a branch will take, and that guess controls what is speculatively executed. Additionally, this access to a single process's memory can be used to attack virtual machines or sandboxes; there is no easy fix for the Spectre vulnerability.
Currently, some fixes have been implemented that protect against certain aspects of the vulnerability. However, a number of further modifications, or at minimum recompilation of affected programs, are needed before this vulnerability is completely addressed.
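As an added example (not code from the page or from any vendor whitepaper), the bounds-check-bypass pattern that the recompilation mentioned above targets: an ordinary array lookup whose bounds check is a predictable branch, beside a hardened version using the branch-free index masking popularised by the Linux kernel's array_index_nospec(). The table and function names are constructed for illustration.

```c
/* Added example (not from the page or any vendor whitepaper): a Spectre
 * variant-1 style bounds-check bypass pattern in C and the branch-free
 * index-masking mitigation popularised by the Linux kernel's
 * array_index_nospec(). Table and function names are constructed here. */
#include <stdint.h>
#include <stddef.h>
#include <limits.h>

#define ARRAY_LEN 16
static const uint8_t public_table[ARRAY_LEN] = {
    1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };

/* Vulnerable pattern: the bounds check is a conditional branch, so the
 * branch predictor may let the load run speculatively with an
 * out-of-range index before the check retires. The architectural
 * result is still correct, which is why tests and code review miss it. */
uint8_t lookup_unsafe(size_t index)
{
    if (index < ARRAY_LEN)
        return public_table[index];   /* may execute speculatively */
    return 0;
}

/* Returns all-ones when index < size, all-zeros otherwise, using only
 * arithmetic (no branch), so the result is computed data, not a
 * prediction. Assumes size < 2^(bits-1), as the kernel's version does. */
static inline unsigned long array_index_mask_nospec(unsigned long index,
                                                    unsigned long size)
{
    /* Top bit of (index | (size-1-index)) is 1 exactly when index >= size. */
    unsigned long oob = (index | (size - 1 - index))
                        >> (sizeof(unsigned long) * CHAR_BIT - 1);
    return oob - 1;     /* oob==0 -> ~0UL (in bounds), oob==1 -> 0UL */
}

/* Hardened pattern: clamp the index with the mask so that even a
 * mispredicted path can only touch index 0 of the table. */
uint8_t lookup_hardened(size_t index)
{
    if (index < ARRAY_LEN) {
        index &= array_index_mask_nospec(index, ARRAY_LEN);
        return public_table[index];   /* speculation reads index 0 at worst */
    }
    return 0;
}
```

Both functions return identical architectural results; the difference is only in what a mispredicted speculative path can load.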
Official CVE Report
Responses from Manufacturers
The three biggest processor manufacturers affected by Meltdown and Spectre, Intel, ARM, and AMD, have each responded to these vulnerabilities. While all three are affected, Intel has the largest number of affected processors.
Having the most affected processors, Intel's response to Meltdown and Spectre was highly anticipated, since processors from the last decade (or more) may be affected by these vulnerabilities. Intel's initial statements were rather broad, glossing over the real issues and merely acknowledging that they exist.
However, Intel has since released a whitepaper describing mitigation techniques for safeguarding against Spectre. Additionally, mitigations are already being built into future Intel chips, reducing the potential for this exploit to be used on newer hardware.
AMD has also released a statement expressing the belief that its chips are not as susceptible to the vulnerabilities as those of other manufacturers. About a week before the Meltdown and Spectre announcement, AMD attempted to keep the information private until patches had been released. Additionally, at the end of 2017 a patch was released that excluded many AMD chips from the Meltdown fix, which suggests that AMD was already aware of the vulnerability.
ARM, compared to Intel and AMD, approached the vulnerability and its response differently. Avoiding public relations announcements, ARM released a technically sound whitepaper addressing patches for Meltdown and safeguards against array attacks, along with samples showing how to guard against these attacks. Although ARM is not currently developing a solution for Spectre, it states that its chips already have mechanisms that help invalidate or temporarily disable the branch predictors.