-
- 08 Jan
Zebra – Spectre and Meltdown Additional Information
Zebra is aware of a new publicly-disclosed class of vulnerabilities that encompass 3 CVEs which form Spectre and Meltdown. These vulnerabilities can be exploited as “speculative execution side-channel attacks” executed by malware. The malware can impact many modern processors and operating systems including Intel, AMD, and ARM
- Variant 1 – CVE-2017-5753, Spectre: Bounds check bypass
- Variant 2 – CVE-2017-5715, Spectre: Branch target injection
- Variant 3 – CVE-2017-5754, Meltdown: Rogue data cache load, memory access permission check performed after kernel memory read
- CVE-2017-13218 is a general case mitigation for side-channel attacks that also addresses this issue.
What are Spectre and Meltdown?
Spectre and Meltdown are vulnerabilities that can be exploited as speculative execution side-channel attacks executed by malware. There are no known active exploits of either Spectre or Meltdown.
- Spectre steals data from the memory of other applications running on a machine.
- Spectre affects almost all modern processors – including those from AMD, ARM, and Intel.
- Meltdown enables reading protected memory. It can be easily fixed by OS updates.
- Meltdown seems to be limited to Intel chips.