Understanding Spectre and Meltdown Differences
The year 2018 started with a bombshell news for IT security industry. The industry learned that a series of vulnerabilities named Spectre and Meltdown is going to affect all high-end microprocessors produced in the last 20 years. The vulnerabilities were discovered by researchers almost six months ago. Security threats are nothing new for the IT industry. However, the scope of these new threats is astounding. From the personal computer to the enterprise-level clouds, every high-end microprocessor is at risk. And the problems are hardware-related, so they are more difficult to fix.
The Cause of Spectre and Meltdown
Malicious programs can exploit Spectre and Meltdown to gain access to privileged data. They gain this access by taking advantage of speculative execution and caching. Here are the concepts that are in play:
- Speculative Execution: When a program executes on a microprocessor, it has to often wait to get the information from RAM memory. However, compared to execution time on the microprocessor, the fetch time from memory is long. So in order to speed up the process, when a microprocessor faces a situation where it needs information from memory to make a decision about the next calculation, it speculatively calculates the result that it thinks will be necessary. When the information from memory arrives, if the microprocessor has speculated the right branch, then it has the result ready. This speeds up the process. In case of a wrong speculation, the microprocessor just ignores the result.
- Caching: To further speed up execution, microprocessors use caching. Because going to the RAM memory is slower, microprocessors fetch information and keep it in the cache. The cache is also where the results of speculative execution are stored.
- Protected Memory: The concept of protected memory is used to make sure there is segregation of data on the microprocessor. In a protected memory environment, a process cannot see data from another process without granted privilege.
The Spectre and Meltdown vulnerabilities are exposed due to the complex interaction of these ideas. Processes aren’t able to access information of other processes without permission in protected memory. But due to the way modern microprocessor caches are designed, it’s possible for a process to read the information stored in the cache by the speculative execution tasks without any permission approval. A more detailed description of the vulnerabilities is available from the Project Zero team from Google.
Spectre and Meltdown Differences
The issues have been documented as three variants:
- Variant 1: bounds check bypass (CVE-2017-5753)
- Variant 2: branch target injection (CVE-2017-5715)
- Variant 3: rogue data cache load (CVE-2017-5754)
The variants 1 and 2 are grouped together as Spectre. The variant 3 is called Meltdown. Here are key points about the threats:
Threat: Exploiting information from other running processes.
Processors Affected: Processors from Intel, AMD and ARM are under threat.
Threat: Reading data from private kernel memory without permission.
Processors Affected: Processors from Intel and ARM. AMD processors are not affected.
Remedy: Patches has been released for Windows and Linux. MacOS has been patched since 10.13.2 and iOS since 11.2. According to Intel, OS updates should be enough to mitigate the risk, no need for firmware updates.
Spectre and Meltdown are long-term problems. Nobody is sure if the vulnerabilities have already been exploited. It’s important that you keep all of your OS and software up-to-date to minimize the risk of exposure.
- Meltdown and Spectre – Understanding and mitigating the threats – SANS DFIR Webcast
- Spectre & Meltdown – Computerphile