Computer news: Spectre and Meltdown


#1

You might have heard about the big recent computer news: new vulnerabilities were discovered. These, Spectre and Meltdown, vulnerabilities are very important (more so than many of the previous ones) because they affect the hardware (instead of the software).

First things first: make sure you apply security updates for your operating system and all the software that you use – on desktops, laptops, and smartphones.

Once this is done, you might be interested in understanding what those vulnerabilities are and how they work. Learning about those vulnerabilities, you will learn more about how processors work.

Speculative execution

Modern processors are built for speed: they are made to compute as fast as possible! There are several ways this is achieved. The most obvious is to increase the clock speed – this is why modern computers run at several GHz, so they can perform billions of operations in one second.

But sometimes, the processor can only go so fast because it is limited by other parts of the computer. Typically, the memory. This happens when the processor needs more data in order to continue the computation: it is stuck waiting for the data to load from the memory.

In this case, the processor occasionally makes guesses. It says “ok, maybe the value I’m waiting for will be 0 (because it was 0 last time),” and then it proceeds as if the value had been loaded. At some point, the value is loaded and one of two things happens:

  • the value is 0: everything is good, the processor just says “yep, I was right, let’s continue”
  • the value is not 0: the processor says “oops, let me cancel those things and throw these intermediate results away” and then it restarts with the actually loaded value.

It’s a little bit like an company that is preparing a contract for a client. And, because all the work they did before for that client was in English, they prepare the contract in English.
And most time, this just works. Most time, they just save time.
But then, the client asks the contract to be made in German. The company throws away the English contract, hires a German lawyer and starts writing again.

Issues with speculative execution

Speculative execution is good because it speeds programs up in most cases. But the people who discovered the Spectre and Meltdown vulnerabilities have find a way to recover the information that is discarded by the processor.

It’s a little bit like going through the company’s rubbish to find the discarded contract draft – which includes details that were not meant to become public.
Most companies dispose of legal and sensitive documents using shredders and other such mechanism.

Unfortunately, processors don’t use shredders for values discarded after speculative execution. The data is left as is in the processor’s cache.

Learn more

If you want to learn more about these vulnerabilities, you can check the video by Computerphile or the shorter one with less details by Red Hat.

There are also detailed articles on Wikipedia: Meltdown, Spectre.

And if you want all the technical details, the official report is available. But it is full of very technical details.


Remember to update all your machines!
And a happy new year!