Researchers reveal Meltdown and Spectre CPU exploits (affects all programs including Gaming)
After building speculation fueled by media reports (including our own) ahead of a planned coordinated release, researchers at Google, academic institutions, and other companies have revealed a pair of attack classes this afternoon that exploit fundamental operating principles of modern CPUs to allow attackers to arbitrarily read data from the memory of vulnerable systems.
The first, called "Meltdown," breaks down CPU-level protections that prevent unprivileged applications from reading arbitrary system memory, including privileged memory locations corresponding to the operating system's kernel, using what the researchers describe as side effects of out-of-order execution on modern processors.
According to the Meltdown paper, the researchers were able to successfully perform the Meltdown attack using unprivileged code on Intel microarchitectures because of a privilege escalation vulnerability specific to that company's CPUs, but could not successfully execute the full version of the attack on AMD and ARM CPUs.
The researchers warn that every Intel CPU employing out-of-order execution could be vulnerable to the Meltdown attack, which is to say all Intel chips dating back to the Pentium Pro are vulnerable outside of some in-order Atom cores. The principle of kernel page table isolation (KPTI) described in our earlier news post on this topic was not specifically designed to mitigate this attack, according to the researchers, but it does effectively stop an attacker from exploiting this vulnerability.
The researchers urge the adoption of KPTI-style mitigations for Meltdown as soon as possible—something that macOS, Windows, and Linux have done or are in the process of doing.
The second class of attack, called Spectre, apparently allows similar leaking of memory contents through misdirection of certain speculative execution features present in all modern CPUs. The researchers say they have verified the attack on processors from Intel, AMD, and ARM. The researchers further note that Spectre attacks are harder to carry out but also defy easy mitigation, as with Meltdown.
https://spectreattack.com/#faq-fix
Which systems are affected by Meltdown?
Desktop, Laptop, and Cloud computers may be affected by Meltdown. More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013). We successfully tested Meltdown on Intel processor generations released as early as 2011. Currently, we have only verified Meltdown on Intel processors. At the moment, it is unclear whether ARM and AMD processors are also affected by Meltdown.
Which systems are affected by Spectre?
Almost every system is affected by Spectre: Desktops, Laptops, Cloud Servers, as well as Smartphones. More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, we have verified Spectre on Intel, AMD, and ARM processors.
