Meltdown and Spectre are computer processor chip vulnerabilities that allow attackers to access sensitive information such as passwords, encryption keys, personal photographs, and emails. These vulnerabilities were discovered by researchers at Google’s Project Zero, and have forced a redesign of Windows, Mac, and Linux operating system software to mitigate the vulnerabilities and prevent attackers from exploiting them. Meltdown and Spectre affect everyone with a PC and/or smartphone, barring a few exceptions.
The vulnerabilities were created by a flaw in the design of the chips and their speculative execution function. Speculative execution allows the CPU to guess what code will need to be executed next and run it before it is actually required, in order to speed up performance. However, reports suggest that Intel CPUs may be performing speculative execution without requiring important security checks. This mishandling of speculative execution creates a CPU vulnerability which an attacker can exploit to access sensitive data in kernel memory.
The fix for Meltdown involves separating the kernel’s memory from user processes (the kernel operates with complete control of the operating system), which is done via a method called Kernel Page Table Isolation (KPTI). However, this separation means that switching between kernel mode and user mode takes significantly more time, causing a slowdown of the operating system’s performance by an estimated 5-30%, depending on the type of chip and the tasks being performed. Software has yet to be developed that can both protect against the Spectre and Meltdown vulnerabilities and maintain the system’s operating speed.
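On Linux, the kernel itself reports whether mitigations such as KPTI (shown as "PTI") are active. The script below is an added example, not part of the original article: it classifies that report. The function names and the sample directory contents are constructed for illustration, and the sysfs path assumes a kernel recent enough to expose it.

```shell
#!/bin/sh
# Added example: classify the kernel's Meltdown/Spectre status report.
# Assumption: the kernel exposes one status file per issue in this directory.
SYSFS_DIR=/sys/devices/system/cpu/vulnerabilities

# Map one status line to: mitigated | not_affected | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;     # e.g. "Mitigation: PTI" for KPTI
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;       # missing file or unrecognised text
    esac
}

# Print "<issue>: <class> (<raw status>)" for each issue.
# Returns 1 if any issue is vulnerable or its status could not be determined.
report() {
    dir=${1:-$SYSFS_DIR}
    rc=0
    for issue in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$issue" ]; then
            raw=$(head -n 1 "$dir/$issue")
        else
            raw="status file missing"
        fi
        class=$(classify_status "$raw")
        echo "$issue: $class ($raw)"
        case "$class" in vulnerable|unknown) rc=1 ;; esac
    done
    return $rc
}

# Build a constructed sample directory so the logic can be tried offline.
make_sample() {
    d=$(mktemp -d)
    echo "Mitigation: PTI" > "$d/meltdown"
    echo "Mitigation: __user pointer sanitization" > "$d/spectre_v1"
    echo "Vulnerable" > "$d/spectre_v2"
    echo "$d"
}

# Check the running system (or a directory given as the first argument).
report "${1:-$SYSFS_DIR}" || echo "At least one issue is not confirmed mitigated."
```

A non-zero return from report makes the check easy to wire into a patch-compliance job after kernel updates are rolled out.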
Looking to learn more? We suggest heading over to Cloudflare’s Learning Center for an in-depth look at Meltdown/Spectre.