Skip to main content
Information Security

Questions tagged [spectre]

Ask Question

A side-channel vulnerability from 2018, affecting modern microprocessors that perform branch prediction (such as Intel, AMD, ARM, Sparc and PowerPC), allowing user processes to read memory belonging to other processes. Affects Linux, OS X, and Windows.

96 questions
Newest Active Bountied Unanswered
1 vote
0 answers
144 views

How would one compare Cache Allocating Technology against MIT's Dynamically Allocated Way Guard for prevention of the Spectre side-channel Attack?

Upon research, I'm finding it difficult to identify a way to compare each solution. Is it correct in saying both solutions are software based? Therefore, could I compare overall PC perfomance with ...
Chris's user avatar
Chris
  • 11
3 votes
1 answer
620 views

Do I need microcode update if I update Kernel?

There is a CPU vulnerability Microarchitectural Fill Buffer Data Sampling. I use a Linux OS and I think to fix Microarchitectural Fill Buffer Data Sampling you need to update intel microcode or ...
user209346's user avatar
user209346
  • 31
6 votes
1 answer
438 views

How risky would it be to run a Linux kernel without Spectre and Meltdown patches on a regular desktop system?

What would happen if we adopted: https://make-linux-fast-again.com/ Assume the system is used for development and general browsing. Are there any cases of these vulnerabilities being exploited in ...
rep_movsd's user avatar
rep_movsd
  • 161
1 vote
1 answer
255 views

Application level protection against Meltdown, Spectre, Foreshadow, Fallout. Zombieload

Is it possible to develop an application in such a way that its data in memory cant be stolen by recent attacks such as Meltdown, Spectre, Foreshadow, Fallout. Zombieload? All mitigations focus on ...
Silver's user avatar
Silver
  • 1,820
1 vote
0 answers
218 views

Software mitigation for variant 3a (rogue system register read) and variant 4 (speculative store bypass)

AFAIK, all mitigable meltdown / spectre variants have software mitigation except for variant 3a and 4. Why is this the case? For variant 4, a straightforward software mitigation is to place lfence ...
Alex Vong's user avatar
Alex Vong
  • 182
2 votes
1 answer
4k views

Is Meltdown/Spectre mitigation necessary in virtual machine as well as in hypervisor? [duplicate]

I am running virtual machines in kvm/qemu hypervisor. The hypervisor has Meltdown/Spectre mitigation enabled in kernel. Is it necessary that virtual machines have the Meltdown/Spectre mitigation ...
Martin Vegter's user avatar
Martin Vegter
  • 1,731
0 votes
0 answers
217 views

Meltdown checker says AWS and Rackspace is vulnerable - Why?

Today I was curious how my vmware environment stacked up against Spectre and Meltdown. So I ran spectre-meltdown-checker. It came back clean with 7 of 8 variants OK (the failed one is apparently ...
user3280964's user avatar
user3280964
  • 1,152
2 votes
2 answers
262 views

Can someone explain in layman terms how Spectre and Meltdown expose protected data

I'm working on a document about them and I think I understand it general what happens -> by exploiting the CPUs memory caching and speculative execution but I'm a little lost of how protected data is ...
PruitIgoe's user avatar
PruitIgoe
  • 123
3 votes
1 answer
870 views

Mitigation of Spectre and Meltdown affecting host OS from guest OS (Virtualbox)

I don't know all the details of Spectre and Meltdown, but the way I understand it is that they allow reading from memory, not writing to it. Also, I read that at least Spectre can get out of the ...
reed's user avatar
reed
  • 15.8k
0 votes
1 answer
239 views

Do any speculative executation attacks affect ARMv7 CPUs?

Do we know if there are speculative execution attacks that affect ARMv7 CPUs at this time? Are there any theoretical risks that need further investigation?
user avatar
user115400
16 votes
2 answers
3k views

Are new AMD processors more secure than Intel ones?

Since the discovery of Meltdown and Spectre, CPU security has been compromised and trust to the main manufacturers reduced, particularly Intel. 8 months later I wonder, what CPUs are more secure at ...
user3770060's user avatar
user3770060
  • 163
2 votes
1 answer
1k views

Privacy implications of Intel CPU backdoors [closed]

I didn't follow all the episodes about backdoors in Intel CPUs What can intelligence or law enforcement agencies potentially do on a computer equipped with a vulnerable Intel CPU (connected to the ...
user18362's user avatar
user18362
  • 21
5 votes
1 answer
2k views

Can speculative execution on intel cpu be disabled?

In the light of all the recent Intel Vulnerabilities with speculative execution, can speculative execution be fully disabled to protect from all this vulnerabilities, from BIOS or OS kernel? Maybe ...
user3604665's user avatar
user3604665
  • 153
3 votes
1 answer
414 views

How to fix Spectre variant 3a and variant 4?e

How I can fix CVE-2018-3640 [rogue system register read] aka 'Variant 3a' and CVE-2018-3639 [speculative store bypass] aka 'Variant 4'? My status for them is VULNERABLE. I have Intel CPU and using ...
user183433's user avatar
user183433
  • 31
0 votes
1 answer
205 views

Do Meltdown and Spectre affect other Intel products such as SSDs?

I've found a good deal on an Intel SSD but I don't want to worry about the security hole or the loss of performance from patching it.
EMBLEM's user avatar
EMBLEM
  • 113

15 30 50 per page
1
2
3 4 5
7