
Questions tagged [spectre]

A side-channel vulnerability from 2018, affecting modern microprocessors that perform branch prediction (such as Intel, AMD, ARM, Sparc and PowerPC), allowing user processes to read memory belonging to other processes. Affects Linux, OS X, and Windows.

172 votes
3 answers
17k views

Meltdown and Spectre Attacks

Canonical question regarding the 2018 Jan. disclosed Meltdown and Spectre Attacks. Other identical or significantly similar questions should be closed as a duplicate of this one. Main concerns What ...
M'vy
  • 13.1k
6 votes
2 answers
660 views

Why do CPUs operate speculatively with results of forbidden memory fetches?

By my understanding, the Meltdown and Spectre attacks both exploit the fact that some modern processors, when given something like: if (x < arr1[y]) z = arr2[arr3[x]*256]; may sometimes fetch ...
supercat
  • 2,059
22 votes
1 answer
3k views

How can SharedArrayBuffer be used for timing attacks?

Since this new class of attacks involves measuring precise time intervals, as a partial, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox. The ...
curiousdannii
14 votes
3 answers
9k views

Should Virtual Machines be patched for Meltdown and Spectre?

In Meltdown and Virtual Machines it was clarified that at least Spectre works crossing VMs. This of course means that the Hypervisor must be patched, but Should the VM OS be patched as well? Not ...
Envite
  • 261
8 votes
1 answer
1k views

Intel firmware/microcode updates that make processors "immune" to both Spectre and Meltdown?

Recently Intel has claimed the following in a press release (emphasis added): SANTA CLARA, Calif., Jan. 4, 2018 — Intel has developed and is rapidly issuing updates for all types of Intel-based ...
Alexander O'Mara
0 votes
1 answer
198 views

Spectre PoC - Paper based - opposite results

After long discussion with this Question (Thanks for help!) Spectre Proof of Concept (PoC) Speculative Execution - Checking for value Came up with simple PoC based on Spectre paper. Seems to be ...
dev
  • 997
26 votes
1 answer
2k views

Which attacks are known that exploit the vulnerability known as Spectre?

As reported yesterday the Linux and Windows kernels will receive a security update pretty soon to close vulnerabilities that concern 'kernel memory leaking'. What exactly the design flaw is, that was ...
Tom K.
  • 7,991
21 votes
2 answers
1k views

Just how bad is Spectre?

Reading the whitepaper, it sounds like doom and gloom. The main webpage states “Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. However, it is possible to prevent ...
Shelvacu
  • 2,393
8 votes
1 answer
1k views

Is branch predictor flush instruction a complete Spectre fix?

I have understood that Spectre works mainly by exploiting the branch predictor state. Bounds check bypass and branch target injection are two faces of the same coin, the interaction of speculative ...
juhist
  • 273
6 votes
1 answer
439 views

Why does my unpatched system *appear* to not be vulnerable to Spectre?

Since the corresponding research papers offer quite explicit descriptions publicly, I suppose that publishing my code below is not considered as encouraging or endorsing exploits. Nevertheless, I am ...
Hagen von Eitzen
5 votes
1 answer
848 views

Reducing resolution of timers as mitigation against Meltdown and Spectre

I have read that Firefox' current mitigation against Meltdown and Spectre (from 57.x) consists of the following: The resolution of performance.now() will be reduced to 20µs. The ...
Drux
  • 391
5 votes
1 answer
542 views

Why were Meltdown and Spectre disclosed at the same time?

Both the Meltdown and Spectre vulnerabilities were publicly disclosed on January 3, 2018. (6 days ahead of the originally planned January 9). Since their public reveal, there has been some confusion ...
Stevoisiak
  • 1,525
5 votes
1 answer
2k views

Do I need to patch Linux for Meltdown/Spectre if the hypervisor has been patched, and I trust the guest?

If I'm running a VM on Amazon EC2 or Microsoft Azure, and they've patched the underlying hypervisor, do I need to upgrade my Linux kernel to protect against Meltdown or Spectre? Assume that I'm not ...
Roger Lipscombe
4 votes
3 answers
1k views

Do the Spectre and Meltdown CPU bugs affect AMD in addition to Intel?

If a server or PC is running AMD CPUs, will those be affected by the Spectre and/or Meltdown bugs currently affecting Intel chips? Why or why not? What makes it affect one and not the other? How ...
TestinginProd
3 votes
1 answer
842 views

Spectre Proof of Concept (PoC) Speculative Execution - Checking for value

Inspired by this question and based on this: Why does my unpatched system *appear* to be not vulnerable by Spectre? Figured out I will open a new question, instead of "polluting" somebody else ...
dev
  • 997
