Unbounded Systems co-founder Manish Vachharajani discusses the Meltdown vulnerability in detail, explaining the basic hardware features that Meltdown exploits, the Flush+Reload side channel it relies on to leak data, and the KAISER approach to managing kernel memory that is used to work around the hardware vulnerability.

Early this year (2018), two major hardware vulnerabilities were announced – Spectre and Meltdown. Of the two, Meltdown is far more benign, far easier to mitigate, and easier to understand.

Both Spectre and Meltdown work by exploiting side effects from speculative execution – where a processor guesses the results of some instructions so that it can execute later instructions in the program in the hopes of doing useful work while waiting for earlier code to complete.

Meltdown uses the fact that Intel processors (AMD and other processors appear immune at this time) will, during speculation, access memory that belongs to the Operating System kernel (privileged memory) to which an attacker (unprivileged code) should have no access. The processor corrects this error before any of the results can be seen through normal channels, but Meltdown uses the leftover side effects of speculation to leak this information through a side channel.

Fortunately there is a good kernel fix that can eliminate the problem on affected systems with only a modest performance penalty in most cases. As with Spectre, the bug also requires the ability to run code on the system, so systems that don’t run untrusted code should not be at risk. It also seems that Meltdown cannot be exploited via JavaScript on its own, at least not without using techniques described in the Spectre attack.

Eventually, new processors will contain the obvious hardware fix for this problem – avoiding speculative loads of privileged data from unprivileged code. Until then, the kernel fix completely addresses the issue on systems that deploy it, if you can tolerate the performance penalty.
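Whether a given Linux host has actually deployed that kernel fix is something the kernel reports itself. The checker below is an added example, not code from the talk or from Unbounded Systems; it assumes the sysfs file /sys/devices/system/cpu/vulnerabilities/meltdown and the `pti` flag in /proc/cpuinfo that kernels carrying the KAISER/KPTI work expose, and the sample strings used to exercise it are constructed.

```python
"""Classify a Linux host's Meltdown exposure from the kernel's own reporting.

Added example, not part of the original post. It reads
/sys/devices/system/cpu/vulnerabilities/meltdown (assumed present on kernels
that carry the KPTI/KAISER fix) and looks for the 'pti' flag in /proc/cpuinfo
as a weaker fallback signal on kernels without the sysfs report.
"""
import re
from pathlib import Path
from typing import Optional

SYSFS_MELTDOWN = Path("/sys/devices/system/cpu/vulnerabilities/meltdown")
PROC_CPUINFO = Path("/proc/cpuinfo")


def classify(sysfs_text: Optional[str], cpuinfo_text: str) -> str:
    """Return 'not-affected', 'mitigated', 'vulnerable' or 'unknown'.

    sysfs_text is the content of the meltdown sysfs file, or None when the
    file does not exist (kernel predates the vulnerabilities/ directory).
    """
    # The 'pti' CPU flag is set by kernels that have page-table isolation active.
    pti_flag = bool(re.search(r"^flags\s*:.*\bpti\b", cpuinfo_text, re.MULTILINE))
    if sysfs_text is None:
        # No authoritative report; fall back to the flag, otherwise admit ignorance.
        return "mitigated" if pti_flag else "unknown"
    status = sysfs_text.strip()
    if status.startswith("Not affected"):
        return "not-affected"
    if status.startswith("Mitigation:"):  # e.g. "Mitigation: PTI"
        return "mitigated"
    if status.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def check_host() -> str:
    """Read the live host's files and classify them (Linux only)."""
    sysfs_text = SYSFS_MELTDOWN.read_text() if SYSFS_MELTDOWN.exists() else None
    cpuinfo_text = PROC_CPUINFO.read_text() if PROC_CPUINFO.exists() else ""
    return classify(sysfs_text, cpuinfo_text)


if __name__ == "__main__":
    print(f"meltdown: {check_host()}")
```

A result of `vulnerable` on a host that runs untrusted code is the case the post warns about; `unknown` means the kernel is too old to report and deserves a manual look.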

For a more detailed explanation, check out the video above.
