[sf-lug] Intel's Meltdown and (everyone's) Spectre flaws

Rick Moen rick at linuxmafia.com
Thu Jan 4 13:01:31 PST 2018

Quoting acohen36 (acohen36 at SDF.ORG):

> Much recent clamor over the last few days about Intel Inc's
> "Meltdown" and "Spectre" flaws, that have apparently been in nearly
> all Intel CPUs since even before the start of the Millennium(?)
> E.g., as reported in at least
> - ' "Meltdown" and "Spectre": Every modern processor has unfixable
> security flaws'[1]
> - 'What's behind the Intel design flaw forcing numerous patches?'[2]
> - 'Spectre and Meltdown: Details you need on those big chip flaws'[3]
> - 'Meltdown and Spectre -- Bugs in modern computers leak passwords
> and sensitive data.'[4]
> Anyone have further thoughts on Meltdown and Spectre?
> Helpful insights on this from Rick M, Akkana P, and others?

It's all over the news, right?

> IIRC, the most recent SF-LUG post on Intel's "problems" was Rick M's
> post on 'Intel reveal security problems with the IME, finally' from
> ~1.5 months ago, see [5].

Bear in mind, the Intel Management Engine problem is separate from, and
in addition to, that lingering menace.  Here's what I just posted to the
SVLUG list about Meltdown and Spectre:

Quoting Sarah Newman (newmans at sonic.net):

> There are actually 3 different classes of vulnerabilities. It's not
> just Intel. https://developer.arm.com/support/security-update

Good point.  Google's Security Blog has a very general rundown about
these findings from the Project Zero researcher:
It's pretty woefully deficient on specifics.
https://meltdownattack.com/ (from the researchers) is better, and
the ARM page at least outlines the three attacks and gives their CVEs:

Variant 1: bounds check bypass (CVE-2017-5753)       [RM: Spectre]
Variant 2: branch target injection (CVE-2017-5715)   [RM: Spectre]
Variant 3: rogue data cache load (CVE-2017-5754)     [RM: Meltdown - Intel-specific]

Which ARM cores are and aren't affected by Spectre is shown on the
ARM page.  In general terms, _some_ 64-bit Intel, AMD, and ARM
processors are affected by Spectre, specifically those with 'speculative
execution'.  https://developer.arm.com/support/security-update

C code to test for the Spectre vulnerability:

As to Meltdown and Intel CPUs, researchers' claim is that 'every Intel
processor which implements out-of-order execution is potentially
affected, which is effectively every processor since 1995 (except Intel
Itanium and Intel Atom before 2013)'.
They say it's not been confirmed yet on anything but Intel CPUs, e.g.,
not yet on ARM, AMD, MIPS, SPARC64, etc.

The patches for Linux, MS-Windows, and OS X address Meltdown; fixing
Spectre is a work in progress, i.e., there are experimental Linux
patches for one of the two Spectre attacks, Variant 2:

Here's part of the work on Variant 1:

I have to say that 'Don't worry and just run Javascript from arbitrary
locations on the Web' is looking like an even worse idea than before,
given these side-channel exploits against system RAM.

I think _way_ more people other than VPS vendors need to be worried.

Cheers,                     « Le doute n'est pas une état bien agréable, mais
Rick Moen                   l'assurance est un état ridicule. »  ("Doubt is not 
rick at linuxmafia.com         a pleasant condition, but certainty is absurd.")
McQ! (4x80)                                                       -- Voltaire 
