2018 Review: vulnerabilities affecting processors


Spectre and Meltdown, the vulnerabilities that affect processors, made waves in 2018, the year they were discovered. In their wake, a dozen or so similar flaws have also been unearthed. This was an unexpected turn of events because, until now, these processors had always been relatively unaffected by vulnerabilities.

Share the post:

What is a processor?

A processor, also known as a central processing unit or CPU, is a computer component that makes it possible to execute instructions and programs.

Until 2018, processors were rarely affected by vulnerabilities, but since then, several publications by researchers have pointed out some of their flaws. The first vulnerabilities, Spectre and Meltdown, were discovered in January 2018.

Who are the main players in the processor market?

The processor market is dominated by Intel, but AMD and ARM are becoming strong competitors as well. These three brands are the main ones affected by speculative vulnerabilities.

What is a speculative vulnerability?

Processor manufacturers introduced optimization techniques to improve performance, especially speed. Speculative execution is one of these optimizations and enables processors to predict branch outcomes. 

A branch is an operation that modifies a program’s default execution flow. It gives the program several options when a condition is present (for example, an “if”).

Example:

  • Branch 1: “If the user enters the correct password, access to data in File A is granted.”
  • Branch 2: “If the user enters an incorrect password, access to File A is denied.”

In practice, to save time, speculation enables branch outcome prediction before the branch instructions are actually received and executed by the operating system. In other words, before the user has entered a valid – or invalid – password.

Bypassing the security checks included in program development weakens the security system because the results of these speculative calculations are stored in caches* which can contain potentially sensitive data originally protected by the condition. This vulnerability enables an exploit through cache side-channel attacks, allowing the attacker to retrieve data.

The first flaw of this kind was called Spectre.

Do Spectre and Meltdown use the same mechanisms?

Spectre and Meltdown share similarities: they both affect processors, stem from processor optimizations and use side-channel attacks. Spectre is a branch prediction vulnerability, while Meltdown is based on another mechanism known as “out-of-order execution”. To maximize performance, processors can, in fact, reorganize the order in which the instructions are executed.

To complete this out-of-order execution, there is a window during which no permission checks are run. It allows access to memory content and secret pieces of information like passwords or private keys. What is more, in the case of Spectre, the influence of these operations on the cache means side-channel attacks can be used to exfiltrate data.

Meltdown allows the attacker to load data from the kernel. This breaks a fundamental system security principle – memory isolation, and above all the separation between the user space and the OS’ kernel. This is why the vulnerability is known as Melt – it melts the security boundaries that isolate the memory.

Have the Spectre and Meltdown vulnerabilities already been exploited?

To date, there have been no known cases. It is actually very hard to exploit this type of vulnerability: since the success of an exploit is strongly determined by the computer’s architecture, the operating code will not necessarily suit all configurations.

In the case of Spectre, it remains unclear how much loot hackers can recover since a lot of the data is stored in the much-vaunted caches, which are very hard to access.

How have manufacturers responded?

To correct these flaws, manufacturers have had to accept that the trade-off is a significant reduction in processor speed. Therefore, speed is the key differentiating factor in this market. Virtually all the world’s hardware – computers, servers, tablets and mobiles – is equipped with processors, so all users are affected.

The real threat posed by this type of vulnerability is not so much computer-related as financial. Key players like Intel, ARM and AMD face a difficult choice: less competitiveness or less security?

Why are Spectre and Meltdown the most known speculative vulnerabilities?

Spectre and Meltdown were the first vulnerabilities of this kind to be revealed. They created waves because they are a brand-new type of flaw. Until now, even though there was no such thing as zero risk, processors had been relatively unaffected by computer flaws. After publishing virtually nothing for years, 2018 was a prolific year for researchers, and with good reason – Spectre and Meltdown opened the flood gates for them.

Learn more about speculative vulnerabilities with Orange Cyberdefense

Severity rating:

Critical: can gain access to the entire memory (mostly Meltdown-like vulnerabilities)

Moderate:  Spectre-like vulnerability

Low: Very specific variant of Spectre

 

Attack complexity

***: requires in-depth knowledge of micro-architecture (key factor for side-channel attacks and the ability to influence the system)

**: requires knowledge of micro-architecture

*: less reliant on knowledge of micro-architecture

The researchers who revealed Spectre and Meltdown announced the existence of other speculative execution vulnerabilities; it was confirmed in 2018. In 2019, SPOILER was discovered – this vulnerability allows memory data leakages (specifically, physical memory addresses).

Notes :

*A cache is a micro-architectural register.