Questions tagged [spectre]
A side-channel vulnerability from 2018, affecting modern microprocessors that perform branch prediction (such as Intel, AMD, ARM, Sparc and PowerPC), allowing user processes to read memory belonging to other processes. Affects Linux, OS X, and Windows.
96 questions
2 votes, 1 answer, 46 views
How can a timing/cache side-channel attack be performed? How can attacker know the time of which certain instructions are performed by the victim?
About timing my question is:
How can attacker know the time of which certain instructions are performed by the victim?
And about the cache, how can attacker know which cache line is being accessed by ...
4 votes, 1 answer, 375 views
What does COEP do that CSP doesn't already do?
Both Cross-Origin-Embedder-Policy and Content-Security-Policy seem to do pretty similar things: they restrict the document from loading certain types of subresources (e.g. cross-origin subresources). ...
1 vote, 2 answers, 535 views
Are Haswell CPUs still secure? Do they still get microcode updates?
I have a Dell laptop with a Haswell CPU, and the recent Retbleed vulnerabilities made me think how vulnerable it is in general. The whitepaper implies Haswell quite a lot, but it wasn't tested. I keep ...
0 votes, 1 answer, 958 views
COOP and COEP: Is there an advantage to enabling COOP / COEP if I don't need to use the sharedArrayBuffer or other features?
COOP: cross origin opener policy
COEP: Cross origin embedder policy
Most of the articles on the web, related to COOP / COEP, point to the fact that by enabling COOP / COEP, your web page can use the ...
3 votes, 0 answers, 184 views
How to select a CPU to buy for the best security?
Various versions of Spectre, Meltdown, Foreshadow and ZombieLoad make it quite the jungle trip to navigate which CPUs are affected, how to mitigate them.
Right now, my problem is that I need a new ...
1 vote, 1 answer, 216 views
Are CPU side-channel attacks still a concern on VPSs
I've been looking into getting a VPS to run an OpenVPN server on and a few other things. I've been speaking to a hosting company and they have sent me this screenshot to show they are protected ...
2 votes, 1 answer, 825 views
Does enabling SharedArrayBuffers via service worker headers create Spectre vulnerability?
In browsers, use of SharedArrayBuffer is restricted to sites with the following HTTP headers because otherwise it exposes vulnerabilities to Spectre and Meltdown.
Cross-Origin-Embedder-Policy: require-...
1 vote, 1 answer, 509 views
Is protecting against Meltdown and Spectre on virtual servers actually possible?
I've been reading into the Meltdown and Spectre bugs recently and the issues they cause for virtualised servers, as memory in one VM can potentially be accessed by another user in a separate VM with ...
0 votes, 1 answer, 304 views
Are there any class of systems where it is safe to disable spectre and meltdown patches
I was not able to find a definite answer to the question whether it is safe to disable spectre and meltdown vulnerabilities but I could find articles that suggest the defaults might be revisited & ...
2 votes, 2 answers, 266 views
What is the impact and threat of Spectre in Javascript?
If you have looked into this demo of Spectre in JavaScript: Did I get it right that only current site memory can be accessed, due to site isolation etc? I saw there is also an addon to detect attacks ...
1 vote, 0 answers, 307 views
Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR
I'm trying to understand and perform the Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR. The author has released the proof-of-concept code.
I'm trying to run the attack on my Intel ...
0 votes, 0 answers, 154 views
Secure code makes exploitation easier with CPU vulnerabilities?
I researched CPU vulnerabilities in the past, such as Spectre and Meltdown.
I read that one of those attacks is made easier if the code is a certain way. I cannot remember if it was related to being ...
1 vote, 1 answer, 214 views
Are small SOC chips also affected by Meltdown and Spectre?
How can I find out if a given CPU is affected by the Meltdown and Spectre bugs?
My CPU is relatively older, and it is a SOC chip:
AMD GX-412TC SOC
I was not able to find, whether these chips also ...
4 votes, 0 answers, 293 views
What kind of attacks can hardware level memory encryption protect from?
Both AMD and Intel have introduced memory encryption at the hardware level. AMD calls this Secure Memory Encryption (SME), with the Intel version being Total Memory Encryption (TME).
What kind of ...
4 votes, 1 answer, 5k views
Sacrificing 30% of my CPU performance (by disabling Hyper-Threading) to fully mitigate CPU vulnerabilities, necessary?
I used the spectre-meltdown-checker, version 0.42, without any option resulting in all-green results. But, in a help page, I found the --paranoid switch, which resulted in about a half of later CVEs ...
1 vote, 0 answers, 144 views
How would one compare Cache Allocating Technology against MIT's Dynamically Allocated Way Guard for prevention of the Spectre side-channel Attack?
Upon research, I'm finding it difficult to identify a way to compare each solution. Is it correct in saying both solutions are software based? Therefore, could I compare overall PC performance with ...
3 votes, 1 answer, 620 views
Do I need microcode update if I update Kernel?
There is a CPU vulnerability Microarchitectural Fill Buffer Data Sampling.
I use a Linux OS and I think to fix Microarchitectural Fill Buffer Data Sampling you need to update intel microcode or ...
6 votes, 1 answer, 438 views
How risky would it be to run a Linux kernel without Spectre and Meltdown patches on a regular desktop system?
What would happen if we adopted: https://make-linux-fast-again.com/
Assume the system is used for development and general browsing.
Are there any cases of these vulnerabilities being exploited in ...
1 vote, 1 answer, 255 views
Application level protection against Meltdown, Spectre, Foreshadow, Fallout, Zombieload
Is it possible to develop an application in such a way that its data in memory can't be stolen by recent attacks such as Meltdown, Spectre, Foreshadow, Fallout, Zombieload? All mitigations focus on ...
1 vote, 0 answers, 218 views
Software mitigation for variant 3a (rogue system register read) and variant 4 (speculative store bypass)
AFAIK, all mitigable meltdown / spectre variants have software mitigation except for variant 3a and 4. Why is this the case?
For variant 4, a straightforward software mitigation is to place lfence ...
2 votes, 1 answer, 4k views
Is Meltdown/Spectre mitigation necessary in virtual machine as well as in hypervisor? [duplicate]
I am running virtual machines in kvm/qemu hypervisor. The hypervisor has Meltdown/Spectre mitigation enabled in kernel.
Is it necessary that virtual machines have the Meltdown/Spectre mitigation ...
0 votes, 0 answers, 217 views
Meltdown checker says AWS and Rackspace is vulnerable - Why?
Today I was curious how my vmware environment stacked up against Spectre and Meltdown. So I ran spectre-meltdown-checker. It came back clean with
7 of 8 variants OK (the failed one is apparently ...
2 votes, 2 answers, 262 views
Can someone explain in layman terms how Spectre and Meltdown expose protected data
I'm working on a document about them and I think I understand in general what happens -> by exploiting the CPU's memory caching and speculative execution but I'm a little lost of how protected data is ...
3 votes, 1 answer, 870 views
Mitigation of Spectre and Meltdown affecting host OS from guest OS (Virtualbox)
I don't know all the details of Spectre and Meltdown, but the way I understand it is that they allow reading from memory, not writing to it. Also, I read that at least Spectre can get out of the ...
0 votes, 1 answer, 239 views
Do any speculative execution attacks affect ARMv7 CPUs?
Do we know if there are speculative execution attacks that affect ARMv7 CPUs at this time? Are there any theoretical risks that need further investigation?
16 votes, 2 answers, 3k views
Are new AMD processors more secure than Intel ones?
Since the discovery of Meltdown and Spectre, CPU security has been compromised and trust to the main manufacturers reduced, particularly Intel. 8 months later I wonder, what CPUs are more secure at ...
2 votes, 1 answer, 1k views
Privacy implications of Intel CPU backdoors [closed]
I didn't follow all the episodes about backdoors in Intel CPUs
What can intelligence or law enforcement agencies potentially do on a computer equipped with a vulnerable Intel CPU (connected to the ...
5 votes, 1 answer, 2k views
Can speculative execution on Intel CPU be disabled?
In the light of all the recent Intel vulnerabilities with speculative execution, can speculative execution be fully disabled to protect from all these vulnerabilities, from BIOS or OS kernel?
Maybe ...
3 votes, 1 answer, 414 views
How to fix Spectre variant 3a and variant 4?
How can I fix CVE-2018-3640 [rogue system register read] aka 'Variant 3a' and CVE-2018-3639 [speculative store bypass] aka 'Variant 4'? My status for them is VULNERABLE. I have Intel CPU and using ...
0 votes, 1 answer, 205 views
Do Meltdown and Spectre affect other Intel products such as SSDs?
I've found a good deal on an Intel SSD but I don't want to worry about the security hole or the loss of performance from patching it.