Questions tagged [spectre]
A side-channel vulnerability from 2018, affecting modern microprocessors that perform branch prediction (such as Intel, AMD, ARM, Sparc and PowerPC), allowing user processes to read memory belonging to other processes. Affects Linux, OS X, and Windows.
96
questions
172
votes
3
answers
17k
views
Meltdown and Spectre Attacks
Canonical question regarding the 2018 Jan. disclosed Meltdown and Spectre Attacks. Other identical or significantly similar questions should be closed as a duplicate of this one.
Main concerns
What ...
54
votes
4
answers
15k
views
Spectre/meltdown on a GPU
Are GPUs vulnerable to spectre/meltdown attacks, since they have most of what makes CPUs attackable? Is there any information in the VRAM, that would cause trouble if it was stolen?
53
votes
3
answers
16k
views
Is it true that meltdown and spectre were intended as debug tools?
I heard from a guy that's involved in low-level (assembler, C for drivers and OSes) programming, that meltdown and spectre weren't actually vulnerabilities discovered only so recently, but they were ...
48
votes
3
answers
16k
views
Are new Intel CPUs vulnerable to Meltdown/Spectre?
Has Intel released any information about new processors?
According to their advisory a number of processors are susceptible, but it says nothing about when new processors will be fixed. Also Meltdown ...
35
votes
6
answers
10k
views
On Windows boxes, is patching for Spectre and Meltdown necessary?
From what I've read, Spectre and Meltdown each require rogue code to be running on a Windows box in order for attacks to take place. The thing is, once a box has rogue code running, it's already ...
26
votes
1
answer
2k
views
Which attacks are known that exploit the vulnerability known as Spectre?
As reported yesterday the Linux and Windows kernels will receive a security update pretty soon to close vulnerabilities that concern 'kernel memory leaking'.
What exactly the design flaw is, that was ...
22
votes
1
answer
3k
views
How can SharedArrayBuffer be used for timing attacks?
Since this new class of attacks involves measuring precise time intervals, as a partial, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox. The ...
21
votes
2
answers
1k
views
Just how bad is Spectre?
Reading the whitepaper, it sounds like doom and gloom. The main webpage states “Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. However, it is possible to prevent ...
16
votes
2
answers
3k
views
Are new AMD processors more secure than Intel ones?
Since the discovery of Meltdown and Spectre, CPU security has been compromised and trust to the main manufacturers reduced, particularly Intel. 8 months later I wonder, what CPUs are more secure at ...
14
votes
3
answers
9k
views
Should Virtual Machines be patched for Meltdown and Spectre?
In Meltdown and Virtual Machines it was clarified that at least Spectre works crossing VMs. This of course means that the Hypervisor must be patched, but
Should the VM OS be patched as well?
Not ...
14
votes
1
answer
839
views
Is anyone seeing a performance decrease after applying recent kernel patch fixing Meltdown and Spectre? [closed]
Our company has a lot of CPU intensive operations on our servers, so the performance decrease is a concern for the organization.
We did the benchmarks, and it seems that performance is almost not ...
14
votes
1
answer
2k
views
Was Meltdown/Spectre discovered in 1991 or 1995?
Wikipedia mentions this paper without going into details: The Intel 80x86 Processor Architecture: Pitfalls for Secure Systems:
As mentioned in the preceding scenario, caches
present potential for ...
13
votes
1
answer
1k
views
Are Meltdown and Spectre only exploitable with compiled code?
Is a system vulnerable where the only untrusted code is interpreted, JIT'd, or executed in a VM as bytecode?
Does it depend on the language? Compiler?
Or, do attacks depend on the attacker loading ...
13
votes
1
answer
3k
views
How does Meltdown/Spectre impact Intel SGX?
I've been reading about Meltdown and Spectre today, and I'm wondering if they impact Intel SGX enclaves.
Now, my understanding of Meltdown is somewhat hazy, but AFAICT it does not impact secure ...
9
votes
1
answer
608
views
What does Spectre mean for public cloud computing?
From a tweetstorm by security journalist Nicole Perlroth:
The most visceral attack scenario is an attacker who rents 5 minutes of time from an Amazon/Google/Microsoft cloud server and steals data ...