Meltdown and Spectre attack

The Meltdown attack (CVE-2017-5754) exploits an information disclosure vulnerability in CPU chipsets that support out-of-order execution. CPU chipsets from multiple vendors use out-of-order execution to improve instruction execution performance.  Modern operating systems rely on memory isolation between userspace applications and the operating system kernel.  If a userspace application attempts to access a memory location reserved for the operating system, the system triggers an exception.  A CPU chipset supporting out-of-order execution may fetch sensitive data and store it in the CPU cache before detecting the exception. The data remains uncleared in the CPU cache, where a malicious userspace application can access it via side-channel analysis.  The Meltdown attack also allows malicious userspace applications to access sensitive data from the memory spaces of other userspace applications.

The Spectre attack (CVE-2017-5753 and CVE-2017-5715) exploits an information disclosure vulnerability in CPU chipsets that support speculative execution through branch prediction.  CPU chipsets from multiple vendors use branch prediction to improve instruction execution performance. A malicious userspace application can obtain unauthorized access to sensitive data from the memory space of the same or a different userspace application by accessing data left uncleared in the CPU cache after speculatively executed CPU instructions. In one variant of the Spectre attack (CVE-2017-5753), the speculatively executed instructions follow an incorrect branch prediction. In a second variant (CVE-2017-5715), the instructions are loaded from the location of a mispredicted branch target.  CVE-2017-5715 may also allow malicious code running as a guest in a virtual machine to obtain unauthorized access to sensitive data from the VM hypervisor memory.

 

Ref.

https://www.symantec.com/blogs/threat-intelligence/meltdown-spectre-cpu-bugs

Meltdown and Spectre - https://meltdownattack.com/
CERT Vulnerability Note VU#584653 - http://www.kb.cert.org/vuls/id/584653
CVE-2017-5715 - https://nvd.nist.gov/vuln/detail/CVE-2017-5715
CVE-2017-5753 - https://nvd.nist.gov/vuln/detail/CVE-2017-5753
CVE-2017-5754 - https://nvd.nist.gov/vuln/detail/CVE-2017-5754