During 2017 a couple of academic groupings and the so-called Google Zero Project performed research into side-channel attacks on to processors that perform speculative execution, which means most modern processor architectures.
The findings were that processor microarchitectures from Intel, AMD and ARM were all vulnerable to a lesser or greater extent. Google reported the first findings to the processor companies on June 1, 2017 and the fact that Intel, AMD and ARM are all referenced suggests that all forms of equipment from embedded applications up through smartphones to laptops and servers in data centers are vulnerable.
Google Zero Project has published a blogpost here that details three types of attack under two codenames; Meltdown and Spectre but all make use of a so-called kernel leakage and operating system companies appear to have been scrambling to prepare patches and updates to block such attacks. Much debate now seems set to ensue as to what degree which processors are affected and how much they are hobbled in performance by the resulting software burden.
With increasing discussion of “kernel leakage” and how this could be used to obtain passwords and other elements of secure systems Intel made a statement on January 3, 2018.
The company acknowledged that it had been made aware of the possibility of “gathering sensitive data from computing devices that are operating as designed.”
Intel said that these exploits were not caused by a “bug” or a “flaw” and were not unique to Intel products. “Based on the analysis to date, many types of computing devices – with many different vendors’ processors and operating systems – are susceptible to these exploits,” the company said.
Next: AMD posts explanation page
Intel added that it is working with AMD, ARM and several operating system vendors to resolve the issue. Intel added that “performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.”
AMD has a page providing an update on speculative execution (see https://www.amd.com/en/corporate/speculative-execution) and said that one of the loopholes (bounds check bypass) has already been closed by software and OS updates; variant two (branch target injection) has not been demonstrated on AMD processors to date and that variant three (rogue data cache load) provides zero vulnerability due to differences in the AMD architecture.
Daniel Gruss, one of the researchers at Graz University of Technology in Austria who co-authored one of the first academic papers on Meltdown, called it “probably one of the worst CPU bugs ever found” in an interview with Reuters.
Related links and articles: