Meltdown and Spectre
This submission is currently being researched & evaluated!
You can help confirm this entry by contributing facts, media, and other evidence of notability and mutation.
About
Meltdown and Spectre are security vulnerabilities in 64-bit Intel central processing units (CPUs) which grant access to privileged system memory to unauthorized processes and allows cyber attacks to trick error-free programs into leaking sensitive data.
History
On January 2nd, The Register[3] published an article about a "kernel-memory-leaking Intel processor design flaw," which would require a patch that could slow down processors by up to 30%. On January 3rd, 2018, the Project Zero[2] team at Google announced the discovery of the Meltdown and Spectre exploits targeting processors created by Intel, AMD and ARM, which use "CPU data cache timing" to "leak information out of mis-speculated execution."
Online Reaction
That day, the website MeldownAttack[1] was created, providing information on the Meltdown and Spectre processor exploits. Meanwhile, YouTuber Moritz Lipp uploaded footage of Meltdown exploit "dumping memory" (shown below). That day, the video gathered upwards of 117,000 views.
Meanwhile, Redditlor digital_desert uploaded submitted an animation of Meltdown "stealing passwords" to /r/netsec[4] (shown below).
On January 4th, Redditor 2evil submitted a post accusing the Intel CEO of selling $24 million shares in the company prior to the announcement of the design flaw, along with a photoshopped Intel logo with the slogan "insider trading" (shown below). Within 11 hours, the post gained over 67,000 points (86% upvoted) and 2,700 comments on /r/funny.[5]
Search Interest
External References
[1] Meltdownattack.com – Meltdown Attack
[2] Google Project Zero Blogspot – Reading privileged memory with a side-channel
[3] The Register – Kernel-memory-leaking Intel processor design flaw forces Linux
[4] Reddit – Stealing passwords via Meltdown vulnerability in real-time
[5] Reddit – Intel CEO sold 24m of his shares
![From Date Subject Re: Avoid speculative indirect calls in kernel Linus Torvalds <> Wed, 3 Jan 2018 15:51:35-0800 On Wed, Jan 3, 2018 at 3:09 PM, Andi Kleen <andi@firstfloor.org wrote: > This is a fix for Variant 2 in ading-pr ed-memor ide > Any speculative indirect calls in the kernel can be tricked to execute any kernel code, which may allow side channel » attacks that can leak arbitrary kernel data Why is this all done without any configuration options? A *competent* CPU engineer would fix this by making sure speculation doesn't happen across protection domains. Maybe even a L1 I$ that is keyed by CPL. I think somebody inside of Intel needs to really take a long hard look at their CPU's, and actually admit that they have issues instead of writing PR blurbs that say that everything works as designed .. and that really means that all these mitigation patches should be written with "not all CPU's are crap" in mind Or is Intel basically saying "we are committed to selling you s--- forever and ever, and never fixing anything"? Because if that's the case, maybe we should start looking towards the ARM64 people more Please talk to management. Because I really see exactly two possibibilities: Intel never intends to fix anything OR - these workarounds should have a way to disable them. Which of the two is it? Linus Last update: 2018-01-04 00:53 [W:0.021 /U:1.412 seconds] ©2003-2017 Jasper Spaans. hosted at Digital Ocean idvertise on this site](https://i.kym-cdn.com/photos/images/list/001/329/312/a5f.png "Linus Torvalds is angry")
Top Comments
HorseKick
Jan 04, 2018 at 09:33PM EST in reply to
Jagger Huff
Jan 04, 2018 at 09:34PM EST in reply to