Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre. [1]
Like Meltdown, Spectre results from errors in the processor architecture. Spectre is a difficult attack to carry out, and it also seems very difficult to patch: in fact, all applications would have to be recompiled. Just isolating kernel memory will not help here.
Who does Spectre threaten?
Spectre allows an attacker who has started a process with the rights of an ordinary user to extract information from other processes running on the system, and also from the attacker's own process.
Researchers have found that on Haswell Xeon processors they are able to read the memory contents of other processes. AMD processors are also susceptible to the Spectre attack and to reading memory from other processes. This certainly works on cores in architectures derived from Bulldozer, in AMD FX-8320 chips and AMD PRO A8-9600 chips. In addition, if the AMD PRO chip runs in a non-standard configuration with JIT optimization enabled, an ordinary user can read kernel memory. Cortex-A8, Cortex-A9, Cortex-A15, Cortex-A17, Cortex-A57, Cortex-A72, Cortex-A73 and Cortex-A75 cores are also susceptible, as are the specialized R-cores.
How to protect yourself against Spectre?
It may be impossible to defend against it entirely in the long term without updating hardware. It is very possible that the world will feel the consequences for years.
- Vulnerability Note VU#584653
- Bounds check bypass
- Spectre and Meltdown Guidance
- Today’s CPU vulnerability: what you need to know
- Spectre & Meltdown Checker Script
[1] A simple shell script to tell if your Linux installation is vulnerable against the 3 “speculative execution” CVEs that were made public early 2018. “Please also note that for Spectre vulnerabilities, all software can possibly be exploited, this tool only verifies that the kernel (which is the core of the system) you’re using has the proper protections in place. Verifying all the other software is out of the scope of this tool.”
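As an added illustration of the kind of kernel-level check described above (this is not the Spectre & Meltdown Checker Script itself, nor code from the original page), the sketch below reads the status strings that Linux kernels 4.15 and later expose in sysfs. The function names and the "partial" class are assumptions of this example, and like the tool above it says nothing about other software on the system.

```shell
#!/bin/sh
# Added example: classify the kernel's self-reported status for the three
# issues made public in early 2018. Older kernels lack this sysfs directory.
VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# classify_status TEXT -> ok | mitigated | partial | vulnerable | unknown
# (names are this example's own; "partial" is a conservative choice for a
#  mitigation line that still mentions a vulnerable sub-component)
classify_status() {
    case "$1" in
        "Not affected"*)            echo ok ;;
        "Mitigation"*[Vv]ulnerable*) echo partial ;;
        "Mitigation"*)              echo mitigated ;;
        "Vulnerable"*)              echo vulnerable ;;
        *)                          echo unknown ;;
    esac
}

# report [DIR] -> one line per issue; returns 1 unless every entry is
# ok or mitigated. A missing file counts as unknown, not as safe.
report() {
    dir="${1:-$VULN_DIR}"
    rc=0
    for name in spectre_v1 spectre_v2 meltdown; do
        raw=""
        [ -r "$dir/$name" ] && raw=$(head -n 1 "$dir/$name")
        class=$(classify_status "$raw")
        printf '%-11s %-10s %s\n' "$name" "$class" "${raw:-no kernel report}"
        case "$class" in
            ok|mitigated) ;;
            *) rc=1 ;;
        esac
    done
    return "$rc"
}

# Run against the live system only when asked: sh thisfile.sh --live
if [ "${1:-}" = "--live" ]; then
    report
fi
```

A non-zero return from `report` means at least one entry needs attention; a zero return covers the kernel only.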