Everything On The Meltdown + Spectre CPU Flaws!

The Meltdown + Spectre Vulnerabilities

  • The Project Zero team identified these vulnerabilities in 2017, reporting it to Intel, AMD and ARM on 1 June 2017.
  • These vulnerabilities take advantage of the Speculative Execution and Branch Prediction features of the modern processor, that have been used for many years to improve performance.
  • Speculative Execution lets the CPU predict and pre-execute the next instruction, allowing it to “instantly” deliver the results if it’s correct.
  • Branch Prediction helps the CPU predict future execution paths that should be speculatively-executed for better performance.
  • There are THREE (3) variants of the speculative execution CPU bug :
    • Variant 1 : Bounds Check Bypass (CVE-2017-5753)
    • Variant 2 : Branch Target Injection (CVE-2017-5715)
    • Variant 3 : Rogue Data Cache Load (CVE-2017-5754)
  • The Spectre attack (whitepaper) exploits variants 1 and 2.
  • The Meltdown attack (whitepaper) exploits variant 3.
  • There is a Variant 3a, which appears to affect only certain ARM processors.

What’s The Difference Between Meltdown & Spectre? New!

  • Spectre tricks the CPU branch predictor into mis-predicting the wrong path, thereby speculatively executing code that would not otherwise be executed.
  • Meltdown takes advantage of the out-of-order execution capability of modern processors, tricking them into executing malicious code that would normally not be allowed.
  • The Spectre name is based on both the root cause – speculative execution, and the fact that it is not easy to fix, and will haunt us for a long time like a spectre (ghost).
  • The Meltdown name was chosen because the vulnerability “basically melts security boundaries which are normally enforced by the hardware“.

How Bad Are Meltdown & Spectre?

  • The Spectre exploits let an attacker access and copy information from the memory space used by other applications.
  • The Meltdown exploit lets an attacker copy the entire physical memory of the computer.
  • Unless patched, the affected processors are vulnerable to malware and cyberattacks that exploits this CPU bug to steal critical information from running apps (like login and credit card information, emails, photos, documents, etc.)
  • While the Meltdown exploit can be “fixed”, it is likely that the Spectre exploit cannot be fixed, only mitigated, without a redesign of the processors. That means we will have to live with the risks of a Spectre attack for many more years to come.

What Processors Are Affected? Updated!

For the complete list of affected AMD, Apple, ARM and Intel processors, please see this separate article – The Complete List Of CPUs Vulnerable To Meltdown / Spectre

  • The Google Project Zero Vulnerability Variant 1, targeted by the Spectre exploit, has been confirmed to affect AMD, ARM and Intel processors :
    • AMD : 71 server CPUs, 31 workstation CPUs, 100 desktop CPUs, 72 mobile CPUs
    • Apple : 13 mobile SoCs
    • ARM : 10 mobile SoCs, 3 server SoCs
    • Intel : 625 server / workstation CPUs, 352 desktop CPUs, 456 mobile CPUs, 51 mobile SoCs
  • The Google Project Zero Vulnerability Variant 2, targeted by the Spectre exploit, has been confirmed to affect AMD, ARM and Intel processors :
    • AMD : 71 server CPUs, 31 workstation CPUs, 100 desktop CPUs, 72 mobile CPUs
    • Apple : 13 mobile SoCs
    • ARM : 10 mobile SoCs, 3 server SoCs
    • Intel : 625 server / workstation CPUs, 352 desktop CPUs, 456 mobile CPUs, 51 mobile SoCs
  • The Google Project Zero Vulnerability Variant 3, targeted by the Meltdown exploit, has been confirmed to affect Apple, ARM and Intel processors :
    • Apple : 13 mobile SoCs
    • ARM : 1 mobile SoC, 3 server SoCs
    • Intel : 625 server / workstation CPUs, 352 desktop CPUs, 456 mobile CPUs, 51 mobile SoCs
  • The Google Project Zero Vulnerability Variant 3a, targeted by the Meltdown exploit, has been confirmed to affect only some ARM processors :
    • ARM Cortex-A72, Cortex-A57 and Cortex-A15 processors
  • Apple confirmed that “all Mac systems and iOS devices are affected“. The only exception – the Apple Watch models are not affected.
  • Although initially saying that their processors are only affected by Spectre 1, AMD clarified on 11 January 2018that their processors are also affected by Spectre 2.

For the complete list of affected AMD, Apple, ARM and Intel processors, please see this separate article – The Complete List Of CPUs Vulnerable To Meltdown / Spectre

Intel Detection Tool?

The Intel-SA-00086 Detection Tool does NOT detect the processor’s susceptibility to these vulnerabilities. It only checks for different vulnerabilities affecting the Intel Management Engine.

InSpectre New!

Our reader Arthur shared that the Gibson Research Corporation has an aptly-named utility called InSpectre.

It checks for Meltdown and Spectre hardware and software vulnerabilities in a Windows system. It will help you check if your system is getting patched properly against these vulnerabilities.

What Is Being Done??? Updated!

Note : The terms “mitigate” and “mitigation” mean the possibility of a successfully attacked are reduced, not eliminated.

  • Intel has started issuing software and firmware updates for the processors introduced in the last 5 years. By the middle of January 2018, Intel expects to have issued updates for more than 90% of those CPUs. However, that does not address the other Intel processors sold between 2010 and 2012.
  • Microsoft and Linux have started to roll our the KPTI (Kernel Page Table Isolation) patch, also known as the KAISER (Kernel Address Isolation to have Side-channels Efficiently Removed) patch.
  • The KPTI or KAISER patch, however, will only protect against the Meltdown exploit. It has no effect on a Spectreattack.
  • Microsoft Edge and Internet Explorer 11 received the KB4056890 security update on 3 January 2018, to prevent a Meltdown attack.
  • Firefox 57 includes changes to mitigate against both Meltdown and Spectre attacks.
  • Google Chrome 64 will be released on 23 January 2018, with mitigations against Meltdown and Spectreattacks.
  • For Mac systems, Apple introduced mitigations against Spectre in macOS 10.13.2 (released on 8 January 2018), with more fixes coming in macOS 10.13.3.
  • For iOS devices, Apple introduced mitigations against Meltdown in iOS 11.2 and tvOS 11.2.
  • On 8 January 2018, Apple released iOS 11.2.2, which mitigates the risk of the two Spectre exploits in Safari and WebKit, for iPhone 5s, iPad Air, and iPod touch 6th generation or later.
  • ARM has made available the KPTI / KAISER kernel patches for Linux, while Google will provide them for Android.
  • Google patched Android against both Spectre and Meltdown exploits with the December 2017 and January 2018 patches.
  • Google shared details of their Return Rrampoline (Retpoline) binary modification technique that can be used to protect against Spectre attacks. It is a software construct that ensures that any associated speculative execution will “bounce” (as if on a trampoline) endlessly.
  • On 11 January 2018, AMD announced that the “majority of AMD systems” have received the mitigation patches against Spectre 1, albeit some older AMD systems got bricked by bad patches. They also announced that they will make “optional” microcode updates available for Ryzen and EPYC processors by the same week.
  • In the same 11 January 2018 disclosure, AMD also shared that Linux vendors have started to roll out OS patches for Spectre 1 and Spectre 2, and they’re working on the “return trampoline (Retpoline)” software mitigations as well.
  • On 23 January 2018, Apple released Meltdown patches for macOS Sierra and OS X El Capitan, but not macOS High Sierra.
  • On 23 January 2018, Microsoft finally revealed their Spectre and Meltdown patch schedule.

Some AMD PCs Got Bricked

In the rush to mitigate against Meltdown and Spectre, Microsoft released Windows 10 patches that bricked some AMD PCs. They blamed the incorrect / incomplete documentation provided by AMD.

You can read more about this issue @ Warning : These Windows 10 Updates Are Bricking AMD PCs!

Some Intel CPUs Spontaneously Reboot Updated!

Intel’s rush to patch Meltdown and Spectre resulted in buggy microcode patches, causing several generations of their CPUs to spontaneously reboot.

So far, over 800 Intel CPU models have been identified to be affected by these spontaneous reboot issues. If you have one of the affected CPUs, please hold off BIOS / firmware updates!

Intel has identified the cause as the Spectre 2 patches in their microcode updates for some of these processors. They’re still investigating the cause of the other affected CPU models.

You can read more about this issue @ Intel Reboot Issues With Meltdown-Spectre Patches

What Should You Do? Updated!

First and foremost – DO NOT PANIC. There is no known threat or attack using these exploits.

Although we listed a number of important patches below, the buggy updates are worse than the potential threat they try to fix. So we advise HOLDING OFF these patches, and wait for properly-tested versions a few weeks down the line.

  • If you are using Windows, make sure you install the latest Microsoft Spectre and Meltdown updates.
  • If you are using a Mac system, get the latest Apple Spectre and Meltdown patches.
  • If you are using an iOS device, get updated to iOS 11.2 or tvOS 11.2.
  • If you are using Firefox, update to the latest Firefox 57.
  • If you are using Google Chrome, make sure you watch out for Chrome 64, which will be released on 23 January.
  • Download and install the latest software firmware updates from your PC, laptop, motherboard brands. In particular, install the latest driver for the Intel Management Engine (Intel ME), the Intel Trusted Execution Engine (Intel TXE), and the Intel Server Platform Services (SPS)
  • If you are running an ARM processor on Linux, grab the kernel patches.

The Performance Impact Of The CPU Bug Patches

Many benchmarks have been released, showing performance impacts of between 5% to 30%, depending on the type of benchmark and workload. Microsoft has called those benchmark results into question, stating that they did not cover both operating system and silicon microcode patches.

They released an initial report on their findings, which we have summarised in our article – Pre-2016 Intel CPUs Hit Worst By Meltdown + Spectre Fix.

This story is still developing. Tech ARP will update their original article as and when new details emerge. Be sure to check back there for the latest information!

Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments