Solidot | Processor vulnerabilities meltdown and spectre


Researchers at Google Project Zero and the Austrian Technical University of Graz The three processor high-risk vulnerabilities were officially disclosed, numbered cve-2017-5753 (variant 1), cve-2017-5715 (Variant 2), and cve-2017-5754 (variant 3, the first two vulnerabilities are called Spectre, and the latter is called meltdown,spectre Variant 1 affects AMD, Intel, and ARM processors, While all three vulnerabilities affect Intel processors, researchers have developed a vulnerability to proof-of-concept. AMD and arm have issued statements claiming that the vulnerability can be modified by software and has little impact on performance. Software fixes for Intel processors are considered to have significant performance implications. Meltdown destroys the most basic isolation of user applications and operating systems, allows a program to access memory, obtains the secrets of other applications and operating systems, and Spectre destroys isolation between different applications, allowing attackers to trick bugs into leaking secrets.