Questions tagged [meltdown]
A side-channel vulnerability affecting Intel x86 and few ARM-based microprocessors allowing user processes to read memory belonging to the kernel. Affects various OSes like Linux, OS X, and Windows. Published in January 2018.
96
questions
2
votes
1
answer
46
views
How can a timing/cache side-channel attack be performed? How can attack know the time of which certain instructions are performed by the victim?
About timing my question is:
How can attack know the time of which certain instructions are performed by the victim?
And about the cache, how can attacker know which cache line is being accessed by ...
- 129
1
vote
2
answers
535
views
Are Haswell CPUs still secure? Do they still get microcode updates?
I have a Dell laptop with a Haswell CPU, and the recent Retbleed vulnerabilities made me think how vulnerable it is in general. The whitepaper implies Haswell quite a lot, but it wasn't tested. I keep ...
- 11
3
votes
0
answers
184
views
How to select a CPU to buy for the best security?
Various versions of Spectre, Meltdown, Foreshadow and ZombieLoad make it quite the jungle trip to navigate which CPUs are affected, how to mitigate them.
Right now, my problem is that I need a new ...
- 131
1
vote
1
answer
216
views
Are CPU side-channel attacks still a concern on VPSs
I've been looking into getting a VPS to run an OpenVPN server on and a few other things. I've been speaking to a hosting company and they have sent me this screenshot to show they are protected ...
- 109
2
votes
1
answer
825
views
Does enabling SharedArrayBuffers via service worker headers create Spectre vulnerability?
In browsers, use of SharedArrayBuffer is restricted to sites with the following HTTP headers because otherwise it exposes vulnerabilities to Spectre and Meltdown.
Cross-Origin-Embedder-Policy: require-...
- 123
1
vote
1
answer
509
views
Is protecting against Meltdown and Spectre on virtual servers actually possible?
I've been reading into the Meltdown and Spectre bugs recently and the issues they cause for virtualised servers, as memory in one VM can potentially be accessed by another user in a separate VM with ...
- 109
0
votes
1
answer
310
views
Understanding the Meltdown vulnerability
I need to write a simple program that demonstrates a race condition. I picked the Meltdown vulnerability.
I want to clarify something. I'm following this explanation https://resources.infosecinstitute....
0
votes
1
answer
304
views
Are there any class of systems where it is safe to disable spectre and meltdown patches
I was not able to find a definite answer to the question whether it is safe to disable spectre and meltdown vulnerabilities but i could articles that suggests the defaults might be revisited & ...
- 101
1
vote
2
answers
174
views
Can a meltdown attack also violate data integrity of other processes or is it just violating data secrecy?
Can a meltdown attack also violate data integrity of other processes by obtaining different passwords or is it just violating data secrecy by reading data it is unauthorized to do?
1
vote
0
answers
307
views
Prefetch Side-Channel Attacks:Bypassing SMAP and Kernel ASLR
I'm trying to understand and perform the Prefetch Side-Channel Attacks:Bypassing SMAP and Kernel ASLR. The author have released the proof-of-concept code.
I'm trying to run the attack on my Intel ...
- 111
0
votes
0
answers
154
views
Secure code makes exploitation easier with CPU vulnerabilities?
I researched CPU vulnerabilities in the past, such as Specter and Meltdown.
I read that one of those attacks is made easier if the code is a certain way. I cannot remember if it was related to being ...
- 713
1
vote
1
answer
214
views
are small SOC chips also affected by Meltdown and Spectre?
How can I find out, if given CPU is affected by the Meltdown and Spectre bugs ?
My CPU is relatively older, and it is a SOC chip:
AMD GX-412TC SOC
I was not able to find, whether these chips also ...
- 1,731
1
vote
0
answers
144
views
How would one compare Cache Allocating Technology against MIT's Dynamically Allocated Way Guard for prevention of the Spectre side-channel Attack?
Upon research, I'm finding it difficult to identify a way to compare each solution. Is it correct in saying both solutions are software based? Therefore, could I compare overall PC perfomance with ...
- 11
6
votes
1
answer
438
views
How risky would it be to run a Linux kernel without Spectre and Meltdown patches on a regular desktop system?
What would happen if we adopted: https://make-linux-fast-again.com/
Assume the system is used for development and general browsing.
Are there any cases of these vulnerabilities being exploited in ...
- 161
1
vote
1
answer
255
views
Application level protection against Meltdown, Spectre, Foreshadow, Fallout. Zombieload
Is it possible to develop an application in such a way that its data in memory cant be stolen by recent attacks such as Meltdown, Spectre, Foreshadow, Fallout. Zombieload? All mitigations focus on ...
- 1,820