What are Meltdown and Spectre?
Multiple vulnerabilities in the design of modern CPUs were disclosed on January 4, 2018. By taking advantage of certain processor performance optimizations, these vulnerabilities, named Meltdown and Spectre, make it possible for attackers to force applications into revealing the contents of system and application memory when manipulated correctly. These attacks work because the normal privilege checking within the processor is subverted through the interaction of features such as speculative execution, branch prediction, out-of-order execution, and caching.
Spectre was disclosed in CVE-2017-5753 and CVE-2017-5715. Meltdown was disclosed in CVE-2017-5754.
Why are Meltdown and Spectre dangerous?
An attacker can exploit Meltdown to read the data of other users. This can be used to steal data from other VMs running on the same hardware, which could severely affect cloud computing.
Because this vulnerability lies at the hardware level, no matter what level of security you provide to the applications running on that hardware, it is useless against these attacks.
How does Meltdown work?
Meltdown exploits a flaw in a CPU optimization called speculative execution: it tricks the processor into reading an out-of-bounds memory location.
First, a request is made for an illegal memory location; then, depending on the value read, a request is made to read a valid memory location. In the background the processor completes the work for both requests before checking whether they are valid. Once the processor realises that the first request was invalid, it denies both requests, but both memory locations remain in the processor's cache.
When a new, valid request is then made, the processor returning the location quickly means that the conditional request was executed. Repeating this allows the values at out-of-bounds memory locations to be learned one step at a time.
How Spectre works?
Spectre likewise exploits speculative execution to read restricted values. Spectre comes in two variants of differing complexity.
Variant 1 – Very similar to Meltdown: Spectre also requests a location beyond the permitted bounds and then conditionally requests a valid location. This causes a legal address to be loaded into the cache based on the out-of-bounds value, and the time taken to retrieve the legal value reveals the contents of the out-of-bounds memory location.
Variant 2 – This variant is much harder both to exploit and to mitigate. Processors can speculatively execute a conditional branch even before its condition has been evaluated, using branch prediction.
In branch prediction, the processor uses the history of previous executions through a code path to pick a path for speculative execution. Branch selection is not tied to absolute references for the decision, so an attacker can train the processor into taking the wrong decision. This gives the attacker information about memory values outside the acceptable range.
How do you know whether you are affected by Meltdown and Spectre?
Meltdown and Spectre affect the majority of modern processors. Most systems are vulnerable until specifically patched, including desktop computers, servers, and compute instances running in cloud environments.
Patches should be applied as they become available; patches to protect against Meltdown and Spectre are being released by operating system vendors.
In cloud and virtualized environments, providers need to update the underlying infrastructure to protect their guests, and users need to update their servers to mitigate the impact within the guest operating systems.
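One practical way to answer the "am I affected?" question on a Linux host is to read the kernel's own mitigation report. The following script is an added example, not code from the original article; it assumes a kernel that exposes /sys/devices/system/cpu/vulnerabilities/ (Linux 4.15 and the distribution backports of the January 2018 fixes). The three file names match the three CVEs quoted above; an unpatched kernel has no such directory at all, which the script treats as needing attention.

```python
"""Report Meltdown/Spectre mitigation status from the Linux kernel's sysfs.

Added example (not from the original article). Assumes a kernel that
exposes /sys/devices/system/cpu/vulnerabilities/; older, unpatched
kernels have no such directory, which is itself a useful signal.
"""
import os

SYSFS_VULN_DIR = "/sys/devices/system/cpu/vulnerabilities"

# The three sysfs entries corresponding to the CVEs named in the article.
ISSUES = {
    "meltdown": "CVE-2017-5754",
    "spectre_v1": "CVE-2017-5753",
    "spectre_v2": "CVE-2017-5715",
}


def classify_status(text):
    """Map one sysfs status string to a coarse verdict.

    The kernel writes strings such as "Not affected", "Vulnerable" or
    "Mitigation: PTI"; anything else is reported as unknown so that an
    unexpected string is never silently treated as safe.
    """
    text = text.strip()
    if text.startswith("Not affected"):
        return "not_affected"
    if text.startswith("Mitigation"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def read_statuses(base_dir=SYSFS_VULN_DIR):
    """Return {issue: raw status text or None} for each known issue.

    None means the file could not be read, which on a real host usually
    means the running kernel predates the status interface.
    """
    statuses = {}
    for issue in ISSUES:
        path = os.path.join(base_dir, issue)
        try:
            with open(path) as fh:
                statuses[issue] = fh.read().strip()
        except OSError:
            statuses[issue] = None
    return statuses


def summarize(statuses):
    """Return the sorted list of issues that still need attention."""
    needs_attention = []
    for issue, text in statuses.items():
        verdict = "missing" if text is None else classify_status(text)
        if verdict in ("vulnerable", "unknown", "missing"):
            needs_attention.append(issue)
    return sorted(needs_attention)


if __name__ == "__main__":
    found = read_statuses()
    for issue, text in found.items():
        print(f"{issue:10s} ({ISSUES[issue]}): {text if text else 'no status file'}")
    pending = summarize(found)
    print("needs attention:", ", ".join(pending) if pending else "none")
```

Run it as an ordinary user; the files are world-readable. A "Mitigation:" line means the kernel believes its fix is active (for example PTI for Meltdown or a retpoline for Spectre variant 2), but for Spectre variant 2 the kernel's verdict can also depend on updated CPU microcode, so firmware updates still matter.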
How to protect?
Complete protection against these attacks would require changes to CPU design. Vendors have released updates, but these work around or disable the optimization behaviours that make the attack possible, so the patches can considerably decrease performance. The extent of the slowdown depends on the type of work being performed; I/O-intensive processes experience the greatest slowdown.
Below are some tips to protect your system against Meltdown and Spectre:
- Update your Operating System (OS)
- Update your firmware
- Update third-party software
- Keep your anti-virus software active and up-to-date
- Update your browser
Vendors started releasing patches against Meltdown and Spectre as soon as they learned of them. Windows was the most affected, so its patch was released early, on 3 January 2018.
Below are some of the kernel updates released by different distributions:
- CentOS 7: kernel 3.10.0-693.11.6
- CentOS 6: kernel 2.6.32-696.18.7
- Fedora 27: kernel 4.14.11-300
- Fedora 26: kernel 4.14.11-200
- Ubuntu 17.10: kernel 4.13.0-25-generic
- Ubuntu 16.04: kernel 4.4.0-109-generic
- Ubuntu 14.04: kernel 3.13.0-139-generic
- Debian 9: kernel 4.9.0-5-amd64
- Debian 8: kernel 3.16.0-5-amd64
- Debian 7: kernel 3.2.0-5-amd64
- Fedora 27 Atomic: kernel 4.14.11-300.fc27.x86_64
- CoreOS: kernel 4.14.11-coreos
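A quick way to use the list above is to compare the kernel a machine is running against the patched release for its distribution. The script below is an added example, not code from the original article: the PATCHED_KERNELS table is the article's own list, while the comparison logic, the distribution keys and the use of `uname -r` (via platform.release()) are assumptions. It orders versions numerically on every integer component, which fits the package version schemes in the table but is a heuristic, not a distribution's own package comparator.

```python
"""Check whether a running kernel is at or above a distribution's patched
release for Meltdown/Spectre.

Added example (not from the original article). PATCHED_KERNELS is the
article's list; the comparison is an assumed, numeric heuristic.
"""
import platform
import re
import sys

# Minimum patched kernel release per distribution, as listed in the article.
PATCHED_KERNELS = {
    "centos7": "3.10.0-693.11.6",
    "centos6": "2.6.32-696.18.7",
    "fedora27": "4.14.11-300",
    "fedora26": "4.14.11-200",
    "ubuntu17.10": "4.13.0-25",
    "ubuntu16.04": "4.4.0-109",
    "ubuntu14.04": "3.13.0-139",
    "debian9": "4.9.0-5",
    "debian8": "3.16.0-5",
    "debian7": "3.2.0-5",
    "fedora27atomic": "4.14.11-300",
    "coreos": "4.14.11",
}


def version_key(release):
    """Turn a kernel release string into a tuple of its integer components.

    "4.4.0-109-generic" -> (4, 4, 0, 109). Suffixes such as "-generic" or
    ".el7.x86_64" contribute only whatever digits they contain, and the
    comparison below only looks at as many components as the reference has.
    """
    return tuple(int(n) for n in re.findall(r"\d+", release))


def is_patched(distro, running_release):
    """True if running_release is at or above the patched kernel for distro.

    A release with fewer components than the reference (e.g. a bare "4.4.0")
    compares as older, which errs on the side of reporting it unpatched.
    """
    reference = version_key(PATCHED_KERNELS[distro])
    running = version_key(running_release)[: len(reference)]
    return running >= reference


def check_current(distro):
    """Compare the kernel this script is running on against the table."""
    release = platform.release()
    return release, is_patched(distro, release)


if __name__ == "__main__":
    # Usage: python3 check_kernel.py ubuntu16.04
    distro = sys.argv[1] if len(sys.argv) > 1 else "ubuntu16.04"
    release, ok = check_current(distro)
    print(f"{distro}: running {release}, patched={'yes' if ok else 'no'}")
```

The distribution key must match the kernel series actually installed: an Ubuntu 16.04 host running a hardware-enablement kernel from a newer series, or a cloud image with a vendor-built kernel, will not match the row for its release and the answer will be meaningless. Where the running kernel reports its own mitigation status, that report is the authoritative source and a version comparison is only a first pass.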
Some distributions that had not yet released a patch at the time of writing include:
- FreeBSD 11.x
- FreeBSD 10.x
There is no doubt that Meltdown and Spectre are very dangerous vulnerabilities that need immediate attention. We still don't know how many vulnerabilities are hidden in our systems, so it is our responsibility to safeguard them by regularly applying the security patches released by the respective vendors. Keep up to date with articles and news related to Meltdown and Spectre.