Meltdown and Spectre Vulnerabilities

Independent research groups discovered the security problems six months ago, but details of the vulnerabilities were made public only on January 4, 2018.

It became known that all processors produced by Intel in the last decade have a critical vulnerability. Later, AMD processors were found to be vulnerable too, as were the architectures that run not only Windows, Linux and macOS but also smartphones. The discovered problems are especially serious because the flaw lies not in software but in the processors themselves.

Meltdown breaks the isolation between user applications and the operating system, which lets a malicious program gain unauthorized access to kernel memory and read private data. Affected processors are Intel (manufactured since 1995) and ARM64 (Cortex-A15 / A57 / A72 / A75).

Spectre ("Ghost") allows a malicious program to read data it should not have access to. Intel, AMD (only with eBPF enabled in the kernel) and ARM64 (Cortex-R7 / R8, Cortex-A8 / A9 / A15 / A17 / A57 / A72 / A73 / A75) are subject to this attack.

The vulnerability also allows access to other tenants' memory in systems that use paravirtualization and container isolation (including Docker, LXC, OpenVZ). For example, a user of one virtual machine can read the memory contents of the host system and of other virtual machines.

The update that protects against Meltdown has already been released for RHEL, CentOS and Fedora, and for Ubuntu (except for some distributions), and is expected for Debian.

Note also that a web browser can serve as a tool for the attack (for example, through the execution of JavaScript code). The developers of Google Chrome are working to integrate protection directly into the browser; the fix will be available in the Chrome release scheduled for January 23. Mozilla has introduced temporary fixes in Firefox 57 that make the attack harder: the resolution of the timer (performance.now) is limited to 20 µs and SharedArrayBuffer is disabled.
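
A defender-side check of the two browser mitigations described above, as an added example (not code from Mozilla, Google or this page's author): it estimates the effective granularity of a millisecond clock such as performance.now() and reports whether SharedArrayBuffer is exposed. The function names, the sampling parameters, the `env` parameter and the quantized test clock are assumptions made for this example.

```javascript
// Added example: estimate a clock's granularity and check SharedArrayBuffer.
const TARGET_RESOLUTION_MS = 0.02; // 20 µs, the Firefox 57 figure quoted above
const EPSILON_MS = 1e-9;           // tolerance for floating-point rounding

// Smallest positive step seen between successive readings of `clock` (in ms).
// Returns null if the clock never advanced within `maxReads` readings.
function estimateResolutionMs(clock, samples = 200, maxReads = 5000000) {
  let smallest = Infinity;
  let last = clock();
  let seen = 0;
  for (let reads = 0; reads < maxReads && seen < samples; reads++) {
    const now = clock();
    if (now > last) {
      smallest = Math.min(smallest, now - last);
      seen++;
    }
    if (now !== last) last = now;
  }
  return seen === 0 ? null : smallest;
}

// Report on the two mitigations: timer coarsening and SharedArrayBuffer removal.
// `env` is the global object to inspect (hypothetical parameter, eases testing).
function assessTimingSurface(clock, env = globalThis) {
  const resolutionMs = estimateResolutionMs(clock);
  return {
    resolutionMs,
    timerCoarsened: resolutionMs === null
      ? null
      : resolutionMs >= TARGET_RESOLUTION_MS - EPSILON_MS,
    sharedArrayBufferExposed: typeof env.SharedArrayBuffer !== "undefined",
  };
}

// Constructed test clock: advances `stepUs` per read, rounded down to `grainUs`.
function makeQuantizedClock(stepUs, grainUs) {
  let elapsedUs = 0;
  return () => {
    elapsedUs += stepUs;
    return (Math.floor(elapsedUs / grainUs) * grainUs) / 1000;
  };
}

// Live check against the runtime's own clock, when one is available.
if (typeof performance !== "undefined") {
  console.log(assessTimingSurface(() => performance.now()));
}
```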


6 January 2018
