Meltdown / Spectre issue? WELCOME! So… How big a deal is the Meltdown / Spectre issue?

How big a deal is the Meltdown / Spectre cybersecurity issue? Affects just about anything with a CPU since 1995.

What is the issue? A hardware vulnerability that could allow an attacker to access sensitive date in the protected KERNAL memory of a device including passwords, Crypto keys, personal data, emails and anything else. Heavily impacts Intel CPUs but others are not immune. Including AMD. This includes ARM processors found in MS Surface, as smartphones, tablets, multimedia players and other mobile devices, such as wearables.  Apple devices are not immune.

Side note There's also a not-safe-for-work nickname that was reportedly conceived by the Linux kernel team: F***WIT (which stands for "Forcefully Unmap Complete Kernel With Interrupt Trampolines").

Why are we just hearing about it? It turns out that Intel and a handful of software development giants, among them Apple, Microsoft, and the Linux kernel developers, have known about the design flaw since at least November 2017 and have been working behind the scenes to prepare for a coordinated public disclosure and remediation of the issue. (At least, that was the plan until "python sweetness" and The Register brought the issue out of obscurity and into the public spotlight.) Source - https://www.intego.com/mac-security-blog/meltdown-and-spectre-what-apple-users-need-to-know/ Source - https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/ Source - http://pythonsweetness.tumblr.com/

More Details Whenever a running program needs to do anything useful – such as write to a file or open a network connection – it has to temporarily hand control of the processor to the kernel to carry out the job. To make the transition from user mode to kernel mode and back to user mode as fast and efficient as possible, the kernel is present in all processes' virtual memory address spaces, although it is invisible to these programs. When the kernel is needed, the program makes a system call, the processor switches to kernel mode and enters the kernel. When it is done, the CPU is told to switch back to user mode, and reenter the process. While in user mode, the kernel's code and data remains out of sight but present in the process's page tables.

More Details User programs have to utilize the KERNAL to access memory . Including memory allocation to the KERNAL and to that USER program.

Think of it as three separate spaces KERNAL Hardware on Chip Memory CPU cache USER space KERNAL space

Hardware on Chip Unprivileged program memory space KERNAL space CPU More Details Unprivileged program memory space Hardware on Chip KERNAL space CPU cache USER space Abstraction - There is a “little bit” of the KERNAL in memory allocated to each program. Newer CPUs come with a hardware CPU cache and predictive “look-forward” capability to anticipate what a program might need before it is needed.

Hardware on Chip Unprivileged program memory space KERNAL space More Details Hardware on Chip Unprivileged program memory space KERNAL space CPU cache aka Kernal Page Table USER space A users program cannot access the memory locations reserved to the KERNAL. The KERNAL is in effect invisible to the user program. The users program can utilize things like device drivers via a SYSTEM CALL that the KERNAL makes available to it.

Hardware on Chip Unprivileged program memory space KERNAL space More Details Unprivileged program memory space Hardware on Chip KERNAL space CPU cache Cool secret stuff Cool secret stuff USER space However a user program can attempt to query memory locations reserved to the KERNAL. Maybe that memory location contains “Cool Secret Stuff”. When they do they will generate an EXCEPTION (error) conditon but not before the info is cached.

Hardware on Chip Unprivileged program memory space KERNAL space More Details Unprivileged program memory space Hardware on Chip KERNAL space CPU cache Cool secret stuff Cool secret stuff USER space So what happens is the bad guys take advantage of the race condition that temporarily reveals the “Cool Secret Stuff” in the cache in the very brief time before it is cleared.

Hardware on Chip Unprivileged program memory space KERNAL space Side Attack Unprivileged program memory space Hardware on Chip KERNAL space CPU cache Cool secret stuff Cool secret stuff USER space Note that the bad guys have to gather the “Cool Secret Stuff BEFORE the CPU cache is cleared.

Unprivileged program Hardware on Chip memory space KERNAL space Solution – Unmap the Kernal Page Table for USER space processes (programs). Sounds simple, right? Unprivileged program memory space Hardware on Chip KERNAL space CPU cache USER space This could cause SERIOUS program slow downs (2% to 30% hypothesized. Especially for applications like VMware.

Why have a CPU cache anyway? Unprivileged program memory space Hardware on Chip CPU cache or KPT KERNAL space Cool secret stuff Cool secret stuff USER space The KPT or Kernal Page Table is used to improve processing performance.

More Details Source -

Meltdown vs. Spectre Meltdown – Think desktops, servers and laptops. Spectre – Think mobile and IoT devices. Source - http:// mashable.com/2018/01/04/google-chrome-spectre-precaution-meltdown/#quZpgg.aTSqS

Meltdown vs. Spectre Meltdown – Patch Spectre – Protect using browser settings and browser patches for now. Not so fast. This is a quickly changing issue. Some patches are actually Bricking systems. Some AV vendors are blocking the patches. Example is Symantec (but the may have this fixed now, they are working on it as we speak).

Interim steps to protect Google Chrome from Spectre : Browse to chrome://flags/#enable-site-per-process Click “Enable" on "Strict site isolation." You'll need to restart your browser, but otherwise that's it. Google - "The performance loss for Chrome specifically should be negligible.”  Source - http://mashable.com/2018/01/04/google-chrome-spectre-precaution-meltdown/#quZpgg.aTSqS