Skip to main content
Information Security

Questions tagged [spectre]

Ask Question

A side-channel vulnerability from 2018, affecting modern microprocessors that perform branch prediction (such as Intel, AMD, ARM, Sparc and PowerPC), allowing user processes to read memory belonging to other processes. Affects Linux, OS X, and Windows.

96 questions
Newest Active Bountied Unanswered
172 votes
3 answers
17k views

Meltdown and Spectre Attacks

Canonical question regarding the 2018 Jan. disclosed Meltdown and Spectre Attacks. Other identical or significantly similar questions should be closed as a duplicate of this one. Main concerns What ...
M'vy's user avatar
M'vy
  • 13.1k
54 votes
4 answers
15k views

Spectre/meltdown on a GPU

Are GPUs vulnerable to spectre/meltdown attacks, since they have most of what makes CPUs attackable? Is there any information in the VRAM, that would cause trouble if it was stolen?
Bálint's user avatar
Bálint
  • 613
53 votes
3 answers
16k views

Is it true that meltdown and spectre were intended as debug tools?

I heard from a guy that's involved in low-level (assembler, C for drivers and OSes) programming, that meltdown and spectre weren't actually vulnerabilities discovered only so recently, but they were ...
Antek's user avatar
Antek
  • 663
48 votes
3 answers
16k views

Are new Intel CPUs vulnerable to Meltdown/Spectre?

Has Intel released any information about new processors? According to their advisory a number of processors are susceptible, but it says nothing about when new processors will be fixed. Also Meltdown ...
bitmask's user avatar
bitmask
  • 627
35 votes
6 answers
10k views

On Windows boxes, is patching for Spectre and Meltdown necessary?

From what I've read, Spectre and Meltdown each require rogue code to be running on a Windows box in order for attacks to take place. The thing is, once a box has rogue code running, it's already ...
End Antisemitic Hate's user avatar
End Antisemitic Hate
  • 3,154
26 votes
1 answer
2k views

Which attacks are known that exploit the vulnerability known as Spectre?

As reported yesterday the Linux and Windows kernels will receive a security update pretty soon to close vulnerabilities that concern 'kernel memory leaking'. What exactly the design flaw is, that was ...
Tom K.'s user avatar
Tom K.
  • 7,991
22 votes
1 answer
3k views

How can SharedArrayBuffer be used for timing attacks?

Since this new class of attacks involves measuring precise time intervals, as a partial, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox. The ...
curiousdannii's user avatar
curiousdannii
  • 361
21 votes
2 answers
1k views

Just how bad is Spectre?

Reading the whitepaper, it sounds like doom and gloom. The main webpage states “Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. However, it is possible to prevent ...
Shelvacu's user avatar
Shelvacu
  • 2,393
16 votes
2 answers
3k views

Are new AMD processors more secure than Intel ones?

Since the discovery of Meltdown and Spectre, CPU security has been compromised and trust to the main manufacturers reduced, particularly Intel. 8 months later I wonder, what CPUs are more secure at ...
user3770060's user avatar
user3770060
  • 163
14 votes
3 answers
9k views

Should Virtual Machines be patched for Meltdown and Spectre?

In Meltdown and Virtual Machines it was clarified that at least Spectre works crossing VMs. This of course means that the Hypervisor must be patched, but Should the VM OS be patched as well? Not ...
Envite's user avatar
Envite
  • 261
14 votes
1 answer
839 views

Is anyone seeing a performance decrease after applying recent kernel patch fixing Meltdown and Spectre? [closed]

Our company has a lot of CPU intensive operations on our servers, so the performance decrease is a concern for the organization. We did the benchmarks, and it seems that performance is almost not ...
Jason Holcomb's user avatar
Jason Holcomb
  • 188
14 votes
1 answer
2k views

Was Meltdown/Spectre discovered in 1991 or 1995?

Wikipedia mentions this paper without going into details: The Intel 80x86 Processor Architecture: Pitfalls for Secure Systems: As mentioned in the preceding scenario, caches present potential for ...
chx's user avatar
chx
  • 605
13 votes
1 answer
1k views

Are Meltdown and Spectre only exploitable with compiled code?

Is a system vulnerable where the only untrusted code is interpreted, JIT'd, or executed in a VM as bytecode? Does it depend on the language? Compiler? Or, do attacks depend on the attacker loading ...
svidgen's user avatar
svidgen
  • 733
13 votes
1 answer
3k views

How does Meltdown/Spectre impact Intel SGX?

I've been reading about Meltdown and Spectre today, and I'm wondering if they impact Intel SGX enclaves. Now, my understanding of Meltdown is somewhat hazy, but AFAICT it does not impact secure ...
strugee's user avatar
strugee
  • 729
9 votes
1 answer
608 views

What does Spectre mean for public cloud computing?

From a tweetstorm by security journalist Nicole Perlroth: The most visceral attack scenario is an attacker who rents 5 minutes of time from an Amazon/Google/Microsoft cloud server and steals data ...
Anders's user avatar
Anders
  • 65.7k

15 30 50 per page
1
2 3 4 5
7