Meltdown & Spectre: Security Vulnerabilities in Modern Processors

Gauloran (Global Moderator), 7 Jul 2013


Today, I'll write about the Meltdown and Spectre vulnerabilities, which were publicly disclosed in January 2018. I believe this topic is very important, because millions of processors in use today carry these flaws. And since silicon that has already shipped cannot be changed, the vulnerabilities are being mitigated through microcode and operating-system patches instead. That does not mean they can be completely fixed.


What is Meltdown/Spectre?


These vulnerabilities allow an unprivileged program to read memory it is not permitted to access, such as kernel memory or the memory of other processes and virtual machines, and so extract sensitive information like passwords and cryptographic keys. No memory is written; the data is inferred through a cache timing side channel.

Meltdown is a security vulnerability disclosed in 2018. It abuses the out-of-order execution of modern processors: a load from a kernel address issued by user code is executed, and its value forwarded to the following instructions, before the permission check has completed and the fault is raised. The instructions are later discarded, but the data they touched has already left a trace in the CPU cache, and timing cache accesses recovers the value one byte at a time. This optimisation makes the processor faster because it never waits for the permission check, but it breaks the isolation between user space and the kernel. I would also like to mention that, according to the Meltdown paper, the flaw affects essentially every Intel processor released since 1995 (except Itanium and pre-2013 Atom); AMD processors are not affected, while some ARM cores such as Cortex-A75 are.

Spectre is a different family of vulnerabilities disclosed at the same time. Spectre also exploits speculative execution. Speculative execution is the processor's ability to guess what it will do next (whether a branch is taken, where an indirect jump lands) and to run ahead on that guess instead of waiting; correct guesses make the processor faster, and wrong guesses are rolled back. Spectre deliberately trains the predictor to guess wrong at a chosen point, so that the victim transiently executes instructions it would never run architecturally. Those instructions touch memory in a data-dependent way, leaving a trace in the cache, and the attacker reads that trace with a timing side channel. Unlike Meltdown, the leak happens inside the victim's own privilege level, so it affects Intel, AMD and ARM alike and must be mitigated at each vulnerable code site.

Because Meltdown and Spectre arise from how the processor core itself is designed rather than from a bug in one program, they cannot be closed with a single patch. Meltdown is mitigated in software by separating kernel and user page tables (KPTI / KAISER) and in newer silicon by hardware changes. Spectre is mitigated by microcode controls (IBRS, IBPB, STIBP, SSBD), compiler and kernel changes (retpolines, index masking, speculation barriers) and revised microarchitectures, all at some performance cost. New variants keep being found, so processor manufacturers and OS vendors continue to ship further mitigations.

Also, if you are interested, here are the papers in which these vulnerabilities were first described:
Meltdown: Reading Kernel Memory from User Space | Spectre Attacks: Exploiting Speculative Execution

Variants of the Meltdown & Spectre Vulnerabilities


Spectre Variant 1 (CVE-2017-5753, "bounds check bypass"): Exploits conditional branch prediction. The attacker first calls a victim routine with in-bounds indexes so the predictor learns that the bounds check passes, then supplies an out-of-bounds index: the check is speculatively treated as passed, the victim transiently reads past the end of the array and uses the value as an index into a second array, and the cache line it touched reveals the byte. It was reported to vendors in mid-2017 and disclosed in January 2018, affects Intel, AMD and ARM processors, and is mitigated per code site with index masking or speculation barriers.

Spectre Variant 2 (CVE-2017-5715, "branch target injection"): Exploits the indirect branch predictor (branch target buffer). The predictor is shared across processes and privilege levels, so an attacker can train it from their own code to steer the victim's indirect branches to an attacker-chosen "gadget" address; the victim transiently executes the gadget, which leaks data through the cache. This is the variant that lets a guest read hypervisor memory or user space read the kernel. Mitigations are retpolines (compiler-generated indirect-branch sequences that trap speculation) and the microcode controls IBRS, IBPB and STIBP. Most modern processors from Intel, AMD and ARM were affected.

Spectre Variant 4 (CVE-2018-3639, "speculative store bypass"): Exploits memory disambiguation, the logic that lets a load execute before an earlier store when the processor guesses they touch different addresses. When the guess is wrong, the load transiently reads the stale value the store was about to overwrite, for example a pointer that was just being sanitised, and a following access leaks it through the cache. It matters mostly inside language runtimes and sandboxes (JIT compilers, BPF) and is mitigated by Speculative Store Bypass Disable (SSBD) in microcode, which Linux exposes per process through prctl(2).

Meltdown (CVE-2017-5754, "rogue data cache load"): Exploits out-of-order execution rather than a branch predictor: a user-mode load from a kernel address is executed, and its value forwarded to dependent instructions, before the processor raises the privilege fault, so the value leaks through the cache. The fix on affected hardware is kernel page-table isolation (KPTI), which removes kernel mappings from user-mode page tables so there is nothing for the rogue load to read. Meltdown mainly affects Intel processors; AMD is not affected, but some ARM cores (Cortex-A75) are.

Foreshadow / L1TF (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646, "L1 Terminal Fault"): Exploits how the processor handles a page-table entry that is marked not-present. During the resulting fault the physical address bits of that entry are still used speculatively to look up the L1 data cache, so any data currently in L1D can be read regardless of who owns it. CVE-2018-3615 covers SGX enclaves, CVE-2018-3620 the OS and SMM, and CVE-2018-3646 virtual machines, where a malicious guest can read hypervisor or other guests' memory. It was disclosed in August 2018, affects Intel processors, and is mitigated by PTE inversion, flushing L1D on VM entry and, in some deployments, disabling SMT.
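To make the Variant 1 description above concrete, here is an added example in C. It is not code from the original post or from the Spectre paper's own distribution; it reproduces the well-known bounds-check-bypass gadget pattern and puts it next to the two standard ways of hardening it: index masking, as the Linux kernel's array_index_mask_nospec() does, and an LFENCE speculation barrier. The arrays, the "secret" string and the function names are constructed for illustration. The cache-timing probe is deliberately left out; the point the program makes is that all three versions return exactly the same values architecturally (the bounds check always holds), and that the difference lies only in what may execute transiently.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BITS_PER_LONG (8 * sizeof(unsigned long))

/* Constructed victim state (illustration only, not from the post). array1 is
 * the only buffer the victim may index; array2 is the probe array whose cache
 * lines carry the leaked byte; secret is data the attacker must never read. */
volatile unsigned int array1_size = 16;
uint8_t array1[16] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16};
uint8_t array2[256 * 512];
const char secret[] = "constructed secret: The Magic Words are Squeamish Ossifrage";
volatile uint8_t temp = 0;   /* sink so the compiler keeps the array2 load */

/* Vulnerable gadget: the Variant 1 pattern. Architecturally the bounds check
 * holds, so an out-of-range x returns -1 and touches nothing. Transiently,
 * once the predictor has been trained with in-range values, the body runs
 * with an out-of-range x, array1[x] reads past the buffer, and
 * array2[byte * 512] pulls one cache line per possible byte value, which a
 * Flush+Reload timing probe can later identify. */
int victim_function(size_t x)
{
    if (x < array1_size) {
        uint8_t byte = array1[x];
        temp &= array2[byte * 512];
        return byte;
    }
    return -1;
}

/* Hardening 1: index masking, the generic array_index_mask_nospec() from
 * Linux. Branchless, so it cannot be mispredicted: yields ~0UL when
 * index < size and 0 otherwise. Under misspeculation an out-of-range x is
 * forced to 0, so even the transient load stays inside array1. */
static inline unsigned long array_index_mask_nospec(unsigned long index,
                                                    unsigned long size)
{
    /* Relies on arithmetic right shift of a negative long (gcc/clang). */
    return ~(long)(index | (size - 1UL - index)) >> (BITS_PER_LONG - 1);
}

int victim_function_masked(size_t x)
{
    if (x < array1_size) {
        x &= array_index_mask_nospec(x, array1_size);
        uint8_t byte = array1[x];
        temp &= array2[byte * 512];
        return byte;
    }
    return -1;
}

/* Hardening 2: a speculation barrier. LFENCE does not complete until every
 * earlier instruction, including the compare, has resolved, so no load below
 * it executes on a guessed branch outcome. Simpler than masking, but slower. */
int victim_function_fenced(size_t x)
{
    if (x < array1_size) {
#if defined(__x86_64__)
        __builtin_ia32_lfence();
#endif
        uint8_t byte = array1[x];
        temp &= array2[byte * 512];
        return byte;
    }
    return -1;
}

/* The attacker's index: the distance from array1 to the secret, which is how
 * the original PoC aims array1[x] at data outside the buffer. */
size_t malicious_index(void)
{
    return (size_t)((uintptr_t)secret - (uintptr_t)array1);
}

int main(void)
{
    size_t x = malicious_index();
    printf("array1_size=%u, malicious x=%zu\n", array1_size, x);
    printf("vulnerable: %d (architecturally the check still holds)\n",
           victim_function(x));
    printf("masked    : %d\n", victim_function_masked(x));
    printf("fenced    : %d\n", victim_function_fenced(x));
    printf("mask(3,16)=%#lx mask(16,16)=%#lx\n",
           array_index_mask_nospec(3, 16), array_index_mask_nospec(16, 16));
    return 0;
}
```

Compile with `cc -O2 spectre_v1.c -o spectre_v1`. Note that a compiler may reorder or remove the masking if it can prove the index is in range, which is why the kernel wraps the helper in a macro with a barrier; the pattern here is the one to look for in a code review of any function that indexes an array with an untrusted value after a bounds check.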

How to Detect Meltdown and Spectre Vulnerabilities?

Several tools exist for different operating systems. For Linux, one of the most popular is spectre-meltdown-checker.sh, a bash script that reads the kernel's /sys/devices/system/cpu/vulnerabilities interface, the CPU model and microcode, and the kernel configuration, and reports the status of each variant described above (plus later speculative-execution CVEs added as they were disclosed).

Supported architectures:
  • x86 (32 bits)
  • amd64/x86_64 (64 bits)
  • ARM and ARM64

Please note that this tool has not been tested on other architectures, so it may or may not work.

Bash:
wget https://meltdown.ovh -O spectre-meltdown-checker.sh
chmod +x spectre-meltdown-checker.sh

Then to run it:

Bash:
sudo ./spectre-meltdown-checker.sh

[Screenshot: spectre-meltdown-checker.sh running on the author's machine]


As you can see, it starts examining the hardware I am using for each vulnerability. There are other tools that work on Windows, but I don't have it, so I don't want to steer you wrong. If you're curious, you can check out InSpectre, Spectre-NG, and Google Project Zero for some helpful tools.
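The bash checker relies, among other sources, on the status interface the Linux kernel itself exports at /sys/devices/system/cpu/vulnerabilities (one file per issue since kernel 4.15, e.g. meltdown, spectre_v1, spectre_v2, spec_store_bypass, l1tf, mds). As an added example, not part of the original post and not code from the checker project, here is a small C program that reads that directory and classifies each entry the way an operator wants: only "Not affected" and "Mitigation: ..." count as good, anything else is flagged. The status strings quoted in the comments are the kernel's own formats; the function names and the directory-walk are mine.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Directory exported by Linux 4.15+; one file per known issue. */
#define VULN_DIR "/sys/devices/system/cpu/vulnerabilities"

enum vuln_status {
    STATUS_NOT_AFFECTED,
    STATUS_MITIGATED,
    STATUS_VULNERABLE,
    STATUS_UNKNOWN
};

/* Classify one status line exactly as the kernel formats it:
 *   "Not affected"            the hardware does not have the flaw
 *   "Mitigation: <details>"   e.g. "Mitigation: PTI", "Mitigation: Retpolines"
 *   "Vulnerable[: <details>]" e.g. "Vulnerable: No microcode"
 * Anything else (e.g. "Unknown: Dependent on hypervisor status") is reported
 * as unknown rather than silently treated as safe. */
enum vuln_status classify_status(const char *line)
{
    if (strncmp(line, "Not affected", 12) == 0) return STATUS_NOT_AFFECTED;
    if (strncmp(line, "Mitigation:", 11) == 0)  return STATUS_MITIGATED;
    if (strncmp(line, "Vulnerable", 10) == 0)   return STATUS_VULNERABLE;
    return STATUS_UNKNOWN;
}

const char *status_name(enum vuln_status s)
{
    switch (s) {
    case STATUS_NOT_AFFECTED: return "not affected";
    case STATUS_MITIGATED:    return "mitigated";
    case STATUS_VULNERABLE:   return "VULNERABLE";
    default:                  return "unknown";
    }
}

/* Read one status file into buf with the trailing newline stripped.
 * Returns 0 on success, -1 if the file cannot be opened or is empty. */
int read_status_file(const char *dir, const char *name, char *buf, size_t len)
{
    char path[512];
    snprintf(path, sizeof path, "%s/%s", dir, name);
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    if (!fgets(buf, (int)len, f)) { fclose(f); return -1; }
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return 0;
}

/* Walk the directory, optionally printing one line per issue. Returns the
 * number of entries that are Vulnerable or Unknown, or -1 if the directory
 * cannot be opened (kernel too old, or /sys not mounted, as in some
 * containers), so a missing interface is never mistaken for "all clear". */
int scan_vulnerabilities(const char *dir, int verbose)
{
    DIR *d = opendir(dir);
    if (!d) return -1;
    int flagged = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        if (e->d_name[0] == '.') continue;          /* skip . and .. */
        char line[256];
        if (read_status_file(dir, e->d_name, line, sizeof line) != 0) continue;
        enum vuln_status s = classify_status(line);
        if (s == STATUS_VULNERABLE || s == STATUS_UNKNOWN) flagged++;
        if (verbose)
            printf("%-22s %-13s %s\n", e->d_name, status_name(s), line);
    }
    closedir(d);
    return flagged;
}

int main(void)
{
    int n = scan_vulnerabilities(VULN_DIR, 1);
    if (n < 0) {
        fprintf(stderr, "cannot open %s: %s\n", VULN_DIR, strerror(errno));
        return 2;
    }
    printf("%d issue(s) vulnerable or unknown\n", n);
    return n > 0 ? 1 : 0;
}
```

Compile with `cc -O2 vulnscan.c -o vulnscan` and run it without root; the files are world-readable. The exit code (0 clean, 1 something flagged, 2 interface missing) makes it usable from a fleet check, and a "Mitigation:" result should still be read in full, since the kernel uses it for partial mitigations as well (for example Spectre v2 with retpolines but without the microcode needed for IBPB).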


Proof-of-concept code for these vulnerabilities is widely available on the internet. A few well-known repositories:

  • SpectrePoC: based directly on the proof of concept published with the Spectre paper.
  • spectre-attack: based directly on the two papers cited above.
  • meltdown-exploit: based directly on the Meltdown proof of concept.

Note that these are research PoCs that read from their own process or from kernel memory on an unpatched machine; they are useful for verifying a mitigation, not turnkey exploits.

In short, the Meltdown and Spectre vulnerabilities are like hidden bombs waiting to go off in the dark world of processors. I hope the topic has caught your interest. If you share your thoughts in a comment below, thanks!


Source: https://www.turkhackteam.org/konula...i-guvenlik-zaafiyetleri.2037755/#post-9772210 @Enistein
