• +357 22 44 46 44
  • info@datatech.com.cy
  • Zebra – Spectre and Meltdown Additional Information

    Zebra – Spectre and Meltdown Additional Information

    Zebra is aware of a new publicly-disclosed class of vulnerabilities that encompass 3 CVEs which form Spectre and Meltdown. These vulnerabilities can be exploited as “speculative execution side-channel attacks” executed by malware. The malware can impact many modern processors and operating systems including Intel, AMD, and ARM

     

    • Variant 1 – CVE-2017-5753, Spectre: Bounds check bypass
    •  

    • Variant 2 – CVE-2017-5715, Spectre: Branch target injection
    •  

    • Variant 3 – CVE-2017-5754, Meltdown: Rogue data cache load, memory access permission check performed after kernel memory read
    •  

    • CVE-2017-13218 is a general case mitigation for side-channel attacks that also addresses this issue.

     

    What are Spectre and Meltdown?

    Spectre and Meltdown are vulnerabilities that can be exploited as speculative execution side-channel attacks executed by malware. There are no known active exploits of either Spectre or Meltdown.

     

    • Spectre steals data from the memory of other applications running on a machine.
    •  

    • Spectre affects almost all modern processors – including those from AMD, ARM, and Intel.
    •  

    • Meltdown enables reading protected memory. It can be easily fixed by OS updates.  
    •  

    • Meltdown seems to be limited to Intel chips.

     

    Read More

    Share on FacebookShare on LinkedInPrint this pageEmail this to someoneTweet about this on TwitterShare on Google+

    Comments are closed.