It appears that Meltdown and Spectre have produced a whole new class of vulnerabilities affecting almost all desktops, laptops, and phones.

No need to get into the gory details, as many others have done a great job there. In summary, it is a vulnerability that involves virtual memory, and the impact is wide-ranging: it affects all operating systems that implement virtual memory and might involve a hardware fix (i.e., throw out your server and start over).

Intel uses "Speculative Execution", a technique used by most modern processors (CPUs) to optimize performance. This is similar to branch prediction and goes even further, evaluating code ahead of time to get increased speeds. Testing by Google showed that an attacker running on one virtual machine was able to access the physical memory of the host machine, and through that, gain read-access to the memory of a different virtual machine on the same host - revealing the contents of kernel memory from a user application.

To do this, the attacker might read a kernel memory location directly from a piece of malicious code. The processor will then "speculate" that the read operation will succeed and recover the value of that memory, only later discovering that this is a violation and destroying the results.

What this means is that if the attacker does something like:

  1. Read the memory from KernelAddress1 into a register as an integer (illegal)
  2. Read the memory from (UserspaceAddress1 + the result of that last operation)

There is a possibility that step 2 will execute before the fault from step 1 has been recognized. It may also be possible that as a result of step 2 running, the data at (UserspaceAddress1 + KernelReadResult) will be added to the cache for speedy recovery.

This means that after the fault has occurred, an attacker can monitor the time it takes to read from this same userspace memory location to determine whether that value has been read before, thus determining the value of that protected kernel memory.

By carefully organizing memory in userspace, it's possible that an attacker can leverage these optimizations to learn what the value of kernel memory is at any arbitrary location. In simpler terms, think of it as escalation of privilege followed by information disclosure. 

To compound the issue, disabling this will likely cause a 10-20% performance hit for pretty much all applications everywhere. 

So What Does This Mean for You?

If you are using a modern machine, you are most likely affected by this vulnerability. If you are hosting VMs or running software in a cloud environment, there is a risk that attackers on the same hardware will target your system to steal sensitive data. If you are an end user, it is more important than ever to be vigilant about what code is running on your machine and to avoid visiting malicious web sites which might be using JavaScript to target your system.

Overall, the most important thing is to keep your systems patched and updated as quickly and as often as possible.  Teams across all areas of technology (browsers, operating systems, cloud) are working around the clock to provide mitigations against this new category of vulnerabilities, so it is important to stay up to date in order to receive the benefit of these new protections. 
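
One way to confirm that a patched kernel is actually applying these protections, as an added example that is not part of the original post: on Linux, kernels carrying the Meltdown/Spectre patches report their own status under /sys/devices/system/cpu/vulnerabilities, and the script below reads those files and flags anything not mitigated. It assumes a Linux host; the function names (classify, audit, needs_attention) are illustrative.

```python
"""Report the kernel's own view of Meltdown/Spectre mitigation status (Linux)."""
from pathlib import Path

# Kernels that carry the Meltdown/Spectre patches expose one status file per issue here.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# sysfs file name -> CVE it covers
ISSUES = {
    "spectre_v1": "CVE-2017-5753",
    "spectre_v2": "CVE-2017-5715",
    "meltdown": "CVE-2017-5754",
}


def classify(status):
    """Map a raw sysfs status line to a coarse verdict."""
    if status is None:
        return "unknown"          # file missing: kernel does not report this issue
    text = status.strip()
    if text.startswith("Not affected"):
        return "not_affected"
    if text.startswith("Mitigation"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"       # includes "Vulnerable: <partial mitigation>"
    return "unknown"


def audit(sysfs_dir=SYSFS_DIR):
    """Return {issue: (cve, verdict, raw_status)} for the three variants."""
    report = {}
    for name, cve in ISSUES.items():
        try:
            raw = (Path(sysfs_dir) / name).read_text().strip()
        except OSError:
            raw = None
        report[name] = (cve, classify(raw), raw)
    return report


def needs_attention(report):
    """Issues an operator should follow up on (patch, reboot, or investigate)."""
    return sorted(n for n, (_, verdict, _) in report.items()
                  if verdict in ("vulnerable", "unknown"))


if __name__ == "__main__":
    result = audit()
    for name, (cve, verdict, raw) in result.items():
        print(f"{name:11} {cve}  {verdict:12} {raw or 'not reported by this kernel'}")
    raise SystemExit(1 if needs_attention(result) else 0)
```

A missing status file is treated as "unknown" rather than safe, since a kernel that does not report on an issue most likely predates the fixes for it.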

It appears that there are three variants of the issue (CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754).   The mapping is as follows:

Spectre

 

Meltdown

 

Whitepapers for each:  

Spectre - https://spectreattack.com/spectre.pdf

Meltdown - https://meltdownattack.com/meltdown.pdf