Meltdown and Spectre: A close look at how these vulnerabilities have evolved
- Meltdown and Spectre are side-channel vulnerabilities affecting CPUs.
- The flaws could let hackers get hold of passwords, encryption keys and other sensitive information from a computer’s core memory.
At the beginning of 2018, nearly every computer chip was observed to be exploited in the wild, with two new flaws dubbed Spectre and Meltdown. These two flaws collectively affected nearly all CPU architectures that are in use today by desktops, cloud servers, servers, and laptops. While software patches for available to mitigate such vulnerabilities, it is believed that they may still impact systems performance.
Meltdown and Spectre are side-channel vulnerabilities affecting CPUs. The flaws could let hackers get hold of passwords, encryption keys and other sensitive information from a computer’s core memory via malicious apps running on devices. Although there is no evidence that these flaws have been exploited in the wild, information released by tech companies estimates that at least three billion chips - that are in use today - are vulnerable to attacks by Spectre, MIT Technology Review reported.
What is Meltdown?
Meltdown is a security hole that breaks the isolation between apps and the OS. Its name comes from its ability to melt security boundaries normally enforced by hardware. It primarily affects Intel and Apple chips and some ARM-based microprocessors (ARMCortex A75 chip). Intel CPUs that implement out-of-order execution are worst affected by the vulnerability. This includes nearly all Intel processors produced after 1995, with few exceptions such as Intel Itanium and Intel Atom CPU’s produced before 2013. However, AMD chips are unaffected.
By exploiting Meltdown, an attacker can use a program running on a machine to gain access to data from all the machine, including the data belonging to other programs.
What is Spectre?
Spectre is a vulnerability that breaks the isolation between programs. It gets its name from speculative execution. It basically affects nearly all processors made in the last two decades. This includes processors manufactured by AMD, ARM, Qualcomm, and Intel.
By exploiting Spectre, an attacker can make force a CPU to reveal some of its own data that should have been kept secret.
Security researchers discovered the flaws late in 2017 and are identified by its own CVE number. In January 2018, Meltdown was identified as CVE -2017-5754 (Common Vulnerabilities and Exposures), Spectre was related to CVE-2017-5753 and CVE-2017-5715
(also termed as Common Vulnerabilities and Exposures). The bugs let hackers get access to the kernel memory, thus giving access to private data.
On May 21, 2018, US-CERT warned organizations about two new variants of Spectre and Meltdown vulnerabilities,namely Variant 3a and 4. Variant 3a - assigned as CVE-2018-3640 - is a security flaw that can allow an attacker to gain access to speculatively read system parameters via side-channel analysis and obtain sensitive data.
On the other hand, Variant 4 - assigned as CVE-2018-3639 - could allow attackers to read older memory values stored in a CPU’s stack or other memory location. The vulnerability exploits ‘speculative bypass’.
On November 13, 2018, threat researchers uncovered seven new Spectre and Meltdown variants that affect Intel, AMD and ARM processors to varying degrees. Two new Meltdown variants and five new Spectre variants were discovered affecting the processors.
The two new versions of Meltdown are named as Meltdown - PK (Protection Key Bypass) and Meltdown BR (Bound Check Bypass). While the former affects the Intel CPUs, the latter affects both Intel and AMD X86 processors.
The five versions of Spectre are named as Spectre-PHT-CA-OP (Cross-Address-space Out of Place); Spectre-PHT-SA-IP (Same Address-space In Place); Spectre-PHT-SA-OP (Same Address-space Out of Place); Spectre-BTB-SA-IP(Same Address-space In Place); and Spectre-BTB-SA-OP (Same Address-space Out of Place).
In March 2019, researchers discovered a new flaw - identified as Spectre attack - affecting all Intel chips. Like the Spectre and Meltdown, this new attack abuses speculative execution in chips to leak secrets. It targets Memory Order Buffer which is used to manage memory operations. The vulnerability is tracked as CVE-2019-0162.
At this time, researchers have indicated that the only way to mitigate the vulnerabilities is to apply firmware updates to all affected devices. However, there are also conflicting reports that the vulnerabilities may still exist even after being patched - as these patches are likely going to make the attacks on the chips more difficult and not prevent them.