What are Meltdown and Spectre?

meltdown-spectre-h5.jpg

Updated: 01/24/2018 by Computer Hope

Meltdown and Spectre are security vulnerabilities that affect the majority of modern CPUs. Practical exploits for these vulnerabilities were discovered independently in 2017 by researchers at Graz University of Technology in Austria, and Google’s Project Zero in California. The vulnerabilities were formally announced on January 3, 2018.

Meltdown

Meltdown logoMeltdown is a vulnerability specific to Intel CPUs. When Intel CPUs are asked to prefetch data, they read the data before checking the privileges of the user. Although privileged data is not delivered to the unprivileged user, the CPU operates differently based upon the specific data that was fetched. An attacker can monitor the processor’s performance in a “side-channel”, and discern important details about the data. This information improves or guarantees the chance that subsequent attacks will succeed.

General diagram of a Meltdown attack

The effect is similar to seeing someone moving something behind a curtain. You cannot see the thing, but if you can see its shape and movement in the curtain, you can make an educated guess about what it is. It’s called “Meltdown” because the informational barrier that protects privileged data is effectively dissolved by the attack.

The video below, created by researchers who discovered it, shows a proof-of-concept Meltdown attack in action.