Zebra – Spectre and Meltdown Additional Information

Zebra is aware of a new publicly-disclosed class of vulnerabilities that encompass 3 CVEs which form Spectre and Meltdown. These vulnerabilities can be exploited as “speculative execution side-channel attacks” executed by malware. The malware can impact many modern processors and operating systems including Intel, AMD, and ARM

 

  • Variant 1 – CVE-2017-5753, Spectre: Bounds check bypass
  • Variant 2 – CVE-2017-5715, Spectre: Branch target injection
  • Variant 3 – CVE-2017-5754, Meltdown: Rogue data cache load, memory access permission check performed after kernel memory read
  • CVE-2017-13218 is a general case mitigation for side-channel attacks that also addresses this issue.

 

What are Spectre and Meltdown?

Spectre and Meltdown are vulnerabilities that can be exploited as speculative execution side-channel attacks executed by malware. There are no known active exploits of either Spectre or Meltdown.

 

  • Spectre steals data from the memory of other applications running on a machine.
  • Spectre affects almost all modern processors – including those from AMD, ARM, and Intel.
  • Meltdown enables reading protected memory. It can be easily fixed by OS updates.
  • Meltdown seems to be limited to Intel chips.

 

Read More