Zebra – Spectre and Meltdown Additional Information

• Jan 08, 2018
• datatech_eyf35vta
• 0

Zebra is aware of a new publicly-disclosed class of vulnerabilities that encompass 3 CVEs which form Spectre and Meltdown. These vulnerabilities can be exploited as “speculative execution side-channel attacks” executed by malware. The malware can impact many modern processors and operating systems including Intel, AMD, and ARM

• Variant 1 – CVE-2017-5753, Spectre: Bounds check bypass

 

• Variant 2 – CVE-2017-5715, Spectre: Branch target injection

 

• Variant 3 – CVE-2017-5754, Meltdown: Rogue data cache load, memory access permission check performed after kernel memory read

 

• CVE-2017-13218 is a general case mitigation for side-channel attacks that also addresses this issue.

What are Spectre and Meltdown?

Spectre and Meltdown are vulnerabilities that can be exploited as speculative execution side-channel attacks executed by malware. There are no known active exploits of either Spectre or Meltdown.

• Spectre steals data from the memory of other applications running on a machine.

 

• Spectre affects almost all modern processors – including those from AMD, ARM, and Intel.

 

• Meltdown enables reading protected memory. It can be easily fixed by OS updates.  

 

• Meltdown seems to be limited to Intel chips.

Read More

Comments are closed.