Tales from the Certified Hacker: Meltdown and Spectre Processor Issues

10 Jan 2018

By now, most of you who read this should be aware of the issues with modern processors from around 1995 onwards. It has taken 23 years for the issues to come to light, and it appears that at this stage, using these vulnerabilities to hack into a system may be more difficult than the scaremongers out there have been stating.

First of all, a simple explanation of the problem. In order to gain as much speed as possible from our computers, a process named Speculative Processing is used. This feature has the processor fetching and processing instructions which MAY be used in future. If the instructions and the results are used, we gain extra speed as the processor does not have to wait for the instructions to be loaded and the result of the processing is much faster. If the pre-fetched instructions are not used, the results are still, however in cache, and therein lies the problem. When the processor switches back to user mode from kernel mode, cached data from kernel mode speculative processing may be available in user mode.

A technical explanation from the official CVE (Common Vulnerabilities and Exposures) itself is: Systems with microprocessors utilising speculative execution and indirect branch prediction may allow unauthorised disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

Note that both Meltdown and Spectre have the same CVE; both state MAY allow… by an attacker with LOCAL USER ACCESS. Further to that, there is no information available that it has been performed in the wild, so far only in laboratories. This is not to say we should forget about this problem, we should update our software as soon as possible to limit the danger as usual, but neither should we lose any sleep over this issue. It is probably most dangerous if we have a hypervisor configured on our hardware such as Hyper-V, ESXi or XenServer, and we are allowing remote users access to a virtual machine running on that hypervisor. The timing required in order to abuse this vulnerability, however, is very strict so that the possibility of an attack is minimal.

References:
National Institute of Standards and Technology CVE listing
Intel
AMD
Krebs on Security

Stay safe,
Terry Griffin
Principal Technologist: Security