Questions tagged [spectre]
A side-channel vulnerability from 2018, affecting modern microprocessors that perform branch prediction (such as Intel, AMD, ARM, Sparc and PowerPC), allowing user processes to read memory belonging to other processes. Affects Linux, OS X, and Windows.
17 questions
172 votes, 3 answers, 17k views
Meltdown and Spectre Attacks
Canonical question regarding the 2018 Jan. disclosed Meltdown and Spectre Attacks. Other identical or significantly similar questions should be closed as a duplicate of this one.
Main concerns
What ...
6 votes, 2 answers, 660 views
Why do CPUs operate speculatively with results of forbidden memory fetches?
By my understanding, the Meltdown and Spectre attacks both exploit the fact that some modern processors, when given something like:
if (x < arr1[y])
z = arr2[arr3[x]*256];
may sometimes fetch ...
22 votes, 1 answer, 3k views
How can SharedArrayBuffer be used for timing attacks?
Since this new class of attacks involves measuring precise time intervals, as a partial, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox. The ...
14 votes, 3 answers, 9k views
Should Virtual Machines be patched for Meltdown and Spectre?
In Meltdown and Virtual Machines it was clarified that at least Spectre works crossing VMs. This of course means that the Hypervisor must be patched, but
Should the VM OS be patched as well?
Not ...
8 votes, 1 answer, 1k views
Intel firmware/microcode updates that make processors "immune" to both Spectre and Meltdown?
Recently Intel has claimed the following in a press release (emphasis added):
SANTA CLARA, Calif., Jan. 4, 2018 — Intel has developed and is rapidly issuing updates for all types of Intel-based ...
0 votes, 1 answer, 198 views
Spectre PoC - Paper based - opposite results
After long discussion with this Question (Thanks for help!)
Spectre Proof of Concept (PoC) Speculative Execution - Checking for value
Came up with simple PoC based on Spectre paper.
Seems to be ...
26 votes, 1 answer, 2k views
Which attacks are known that exploit the vulnerability known as Spectre?
As reported yesterday the Linux and Windows kernels will receive a security update pretty soon to close vulnerabilities that concern 'kernel memory leaking'.
What exactly the design flaw is, that was ...
21 votes, 2 answers, 1k views
Just how bad is Spectre?
Reading the whitepaper, it sounds like doom and gloom. The main webpage states “Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. However, it is possible to prevent ...
8 votes, 1 answer, 1k views
Is branch predictor flush instruction a complete Spectre fix?
I have understood that Spectre works mainly by exploiting the branch predictor state. Bounds check bypass and branch target injection are two faces of the same coin, the interaction of speculative ...
6 votes, 1 answer, 439 views
Why does my unpatched system *appear* to not be vulnerable to Spectre?
Since the corresponding research papers offer quite explicit descriptions publicly, I suppose that publishing my code below is not considered as encouraging or endorsing exploits. Nevertheless, I am ...
5 votes, 1 answer, 848 views
Reducing resolution of timers as mitigation against Meltdown and Spectre
I have read that Firefox' current mitigation against Meltdown and Spectre (from 57.x) consists of the following:
The resolution of performance.now() will be reduced to 20µs.
The ...
5 votes, 1 answer, 542 views
Why were Meltdown and Spectre disclosed at the same time?
Both the Meltdown and Spectre vulnerabilities were publicly disclosed on January 3, 2018. (6 days ahead of the originally planned January 9).
Since their public reveal, there has been some confusion ...
5 votes, 1 answer, 2k views
Do I need to patch Linux for Meltdown/Spectre if the hypervisor has been patched, and I trust the guest?
If I'm running a VM on Amazon EC2 or Microsoft Azure, and they've patched the underlying hypervisor, do I need to upgrade my Linux kernel to protect against Meltdown or Spectre?
Assume that I'm not ...
4 votes, 3 answers, 1k views
Do the Spectre and Meltdown CPU bugs affect AMD in addition to Intel?
If a server or PC is running AMD CPUs, will those be affected by the Spectre and/or Meltdown bugs currently affecting Intel chips?
Why or why not?
What makes it affect one and not the other? How ...
3 votes, 1 answer, 842 views
Spectre Proof of Concept (PoC) Speculative Execution - Checking for value
Inspired by this question and based on this:
Why does my unpatched system *appear* to be not vulnerable to Spectre?
Figured out I will open a new question, instead of "polluting" somebody else ...