What we read about Meltdown and Spectre

 

A lot of things have been said and explained about it. Here is what we found interesting:

 

 

Advisories

  • CVE-2017-5715 : “Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.”  (Variant 1: bounds check bypass aka Spectre)
  • CVE-2017-5753 : “Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.” (Variant 2: branch target injection aka Spectre)
  • CVE-2017-5754 : “Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.” (Variant 3: rogue data cache load aka Meltdown)

Linux Kernel


elsewhere than in the kernel


Intel


Linux Distributions and vendors


Hosting companies


How to check vulnerability

  • Spectre and Meltdown Checker – “A simple shell script to tell if your Linux installation is vulnerable against the 3 “speculative execution” CVEs

French articles


xkcd.com