Meltdown & Spectre: Critical CPU Vulnerabilities

Critical CPU Vulnerabilities Affecting Intel Processors

Speculative Execution Side-Channel Attacks

• Background on Speculative Execution
• Meltdown: CVE-2017-5754
• Spectre: CVE-2017-5753 & CVE-2017-5715
• Impacts and Performance Costs
• Mitigations: Software and Hardware
• Conclusion and Best Practices

---

Photo by Aleksandrs Karevs on Unsplash

1

Background on Speculative Execution

Root cause of Meltdown and Spectre

---

Photo by razi pouri on Unsplash

• Modern CPUs use branch prediction and speculative execution for speed
• Speculatively executes instructions before branch outcome is known
• Mispredictions discard committed results, but leave observable side effects (e.g., cache state)
• Cache timing attacks exploit these side effects to leak private data

• Branch prediction leads to speculative execution
• Private data affects memory access patterns
• Cache state leaks info via timing attacks
• Applies to both Meltdown and Spectre

---

Photo by Devin Spell on Unsplash

2

Meltdown Vulnerability

CVE-2017-5754 (Rogue Data Cache Load)

---

Photo by Martin Er on Unsplash

> Meltdown affects Intel x86 microprocessors, IBM Power microprocessors, and some ARM-based microprocessors. It allows a rogue process to read all memory, even when it is not authorized to do so.

— Wikipedia: Meltdown (security vulnerability)

• Disclosed Jan 2018 (CVE-2017-5754)
• Primarily Intel x86, also IBM Power & some ARM
• Rogue process bypasses memory isolation
• Impacts servers, cloud, mobile/smart devices
• Software patches slow systems 5-30% in key workloads

• 5-30%: System Slowdown
• CVE-2017-5754: Identifier

3

Spectre Vulnerability

CVE-2017-5753 (V1) & CVE-2017-5715 (V2)

Spectre V1 (CVE-2017-5753) Bounds check bypass using speculative execution to ignore array bounds, leaking cross-process data via cache timing.

Spectre V2 (CVE-2017-5715) Branch target injection manipulates indirect branches, forcing speculation to malicious code paths for data extraction.

• Side-channel attacks on speculative execution
• Impacts processors with branch prediction
• JIT compilers (JavaScript) vulnerable: site isolation bypass
• Wider hardware scope than Meltdown
• Patches cause 2-14% performance drop on new Intel CPUs

• Speculative execution leaves cache footprints
• Private data influences access patterns
• Timing differences reveal secrets
• Affects browsers via JavaScript

---

Photo by Adi Goldstein on Unsplash

4

Meltdown vs Spectre

Severity and Performance Trade-offs

| CVE | 2017-5754 | 2017-5753 (V1) 2017-5715 (V2) |

| CPUs | Intel x86 primary ARM/Power | Modern branch predictors |

Jan 2018: Disclosure Meltdown (CVE-2017-5754) and Spectre CVEs published; considered 'catastrophic' Jan 2018: Patches Software mitigations: KPTI in Linux, OS updates; performance hits reported Mar 2018: Intel Plan CPU redesign announced for Meltdown & Spectre v2 Oct 2018: Hardware Fixes Firmware mitigations deployed in latest Intel processors

5

Mitigation Strategies

From KPTI to Hardware Redesign

---

Photo by Jakub Żerdzicki on Unsplash

🛡️ KPTI (PTI) Kernel Page-Table Isolation mitigates Meltdown; Linux 4.15+ backports

💻 OS Updates Windows, macOS, Linux patches; performance trade-offs

🔬 Hardware/Firmware Intel redesigns (Mar 2018); mitigations in Oct 2018 CPUs

🌐 Browser/JIT Hardens JavaScript engines against Spectre cross-site leaks

Meltdown & Spectre: Catastrophic but mitigable

Apply patches promptly Monitor hardware updates Balance security & performance

Questions? Thank you!

---

Photo by Hyunwon Jang on Unsplash