On Meltdown and Spectre
A security flaw in microprocessor architecture, affecting mainly Intel, ARM and to an extend AMD products, has been disclosed by Google security researchers. The bugs, named Meltdown and Spectre, according to the researchers rely on exploiting of critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents. Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider’s infrastructure, it might be possible to steal data from other customers.
Already some proof of concept exploits have emerged. Solutions are already available in the form of OS patches and updates, although they are known to cause serious performance issues. The Linux kernel KTPI workaround, has been shown to cause 17% (best case) to 23% (worst case) slowdown in DB operations.
Our technical opinion is that, currently, the bug, while significant, does not constitute an immediate threat; as known exploits require command execution capabilities to the machine. Given the potential performance impact, incurred by the proposed solutions, one should not proceed in haste and instead take into account system availability and performance when planning the necessary upgrades. It is expected that new exploits leveraging the flaws will appear soon.
Intel and AMD CPUs, and selected Arm cores [see further references below] are vulnerable to Spectre Variant 1 attacks. Intel and said Arm cores are vulnerable to Spectre Variant 2. Only Intel CPUs and one Arm core – the yet-to-ship Cortex-A75 – are vulnerable to Meltdown, the easiest to exploit of all the flaws.
Related MITRE CVE / NIST NVD numbers
- CVE-2017-5753: Known as Variant 1, a bounds check bypass
- CVE-2017-5715: Known as Variant 2, branch target injection
- CVE-2017-5754: Known as Variant 3, rogue data cache load
CERT advisory: https://www.kb.cert.org/vuls/id/584653
- Disclosure: https://googleprojectzero.blogspot.gr/2018/01/reading-privileged-memory-with-side.html
- Novel mitigation and performance insights: https://security.googleblog.com/2018/01/more-details-about-mitigations-for-cpu_4.html
- Servers: https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s
- Clients: https://support.microsoft.com/en-us/help/4073119/windows-client-guidance-for-it-pros-to-protect-against-speculative-exe
- Security Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
- Vulnerability Disclosures: https://access.redhat.com/security/vulnerabilities/speculativeexecution
- See KPTI workaround: https://lkml.org/lkml/2017/12/4/709
- Advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
PostgreSQL performance tests
- Vulnerability information webpages: https://spectreattack.com/ and https://meltdownattack.com/
- Intel response: https://newsroom.intel.com/news/intel-responds-to-security-research-findings/
- AMD response: http://www.amd.com/en/corporate/speculative-execution
- ARM response and affected microprocessor list: https://developer.arm.com/support/security-update
These issues were researched and reported by researchers at Google Project Zero and the Institute of Applied Information Processing and Communications (IAIK) at Graz University of Technology (TU Graz).