LLMpedia: The first transparent, open encyclopedia generated by LLMs

Meltdown (security vulnerability)

Generated by DeepSeek V3.2
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Name: Meltdown
CVE: CVE-2017-5754
Discovered: 2017
Discovered by: Jann Horn and others
Affected software: Various operating systems
Affected hardware: Intel processors, some ARM and IBM designs

Meltdown is a critical hardware security vulnerability affecting modern microprocessors that use speculative execution. It was independently discovered and reported in 2017 by researchers including Jann Horn of Google Project Zero and teams from Graz University of Technology and other institutions. The flaw allows a malicious process to bypass memory isolation and read kernel memory and the memory of other programs without authorization, which can expose sensitive data such as passwords and encryption keys.

Overview

Meltdown exploits a performance feature known as out-of-order execution that is present in many CPUs. The vulnerability breaks the fundamental isolation between user applications and the operating system, a cornerstone of modern computing security. It was publicly disclosed alongside a related vulnerability called Spectre in early January 2018, causing widespread concern across the technology industry. The coordinated disclosure involved Microsoft, Apple Inc., and Linux kernel maintainers, who developed patches in parallel.

Technical details

The attack leverages speculative execution, in which a CPU predicts and executes instructions ahead of time to improve performance, before verifying whether the program is authorized to access the associated memory. Meltdown specifically targets the race between the speculative memory access and the permission check that follows it. Using a side channel through the processor's cache, an attacker can infer the contents of protected kernel memory locations. The technique relies on carefully measuring the time taken to access particular memory addresses, a method refined from earlier research on cache timing attacks.

Affected hardware

The vulnerability primarily affected a wide range of Intel x86 microprocessors, including many chips produced since 1995, with the exception of Intel Itanium and pre-2013 Intel Atom processors. Some processors based on the ARM architecture, including certain ARM Cortex-A cores, were also confirmed to be affected. Some IBM POWER8 and POWER9 systems were vulnerable as well. Notably, AMD processors were initially considered largely immune because of architectural differences in how they implement privilege-level checks.

Mitigations and patches

The primary software mitigation, known as Kernel Page Table Isolation (KPTI), was rapidly developed for operating systems including Linux, Microsoft Windows, and macOS. KPTI separates the page tables used by the kernel from those used by user space, so that kernel memory is not mapped while user code runs and the speculative execution path has nothing to read. These patches were distributed through updates from Microsoft, Apple Inc., and the Linux kernel community. While effective, the mitigation can incur a performance penalty, particularly on older Intel systems and on workloads that make frequent system calls.
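A host-side check for the KPTI mitigation described above, added here as an example and not part of the original article: it reads the Meltdown status line that Linux kernels 4.15 and later expose under /sys/devices/system/cpu/vulnerabilities and confirms the pti flag in /proc/cpuinfo. File paths are parameters so the functions can also be exercised against constructed sample files.

```shell
#!/bin/sh
# Added example, not from the article: report whether a Linux host carries the
# KPTI mitigation for Meltdown (CVE-2017-5754). Linux 4.15+ publishes a status
# line in /sys/devices/system/cpu/vulnerabilities/meltdown ("Not affected",
# "Mitigation: PTI" or "Vulnerable"), and lists "pti" among the CPU flags in
# /proc/cpuinfo when page-table isolation is active.

# classify_meltdown STATUS_LINE -> prints not-affected | mitigated | vulnerable | unknown
classify_meltdown() {
  case "$1" in
    "Not affected") echo not-affected ;;
    Mitigation:*)   echo mitigated ;;
    Vulnerable*)    echo vulnerable ;;
    *)              echo unknown ;;
  esac
}

# kpti_flag_present CPUINFO_FILE -> succeeds if a "flags" line carries the pti flag
kpti_flag_present() {
  grep -E '^flags[[:space:]]*:.*[[:space:]]pti([[:space:]]|$)' "$1" >/dev/null 2>&1
}

# check_host SYSFS_FILE CPUINFO_FILE -> prints a verdict; exit 0 only when the
# kernel reports the host as mitigated or not affected.
check_host() {
  sysfs_file=$1
  cpuinfo_file=$2
  if [ ! -r "$sysfs_file" ]; then
    echo "unknown; no sysfs vulnerability report (kernel older than 4.15 or not Linux)"
    return 2
  fi
  verdict=$(classify_meltdown "$(cat "$sysfs_file")")
  if kpti_flag_present "$cpuinfo_file"; then
    echo "$verdict; KPTI flag present"
  else
    echo "$verdict; KPTI flag absent"
  fi
  [ "$verdict" = mitigated ] || [ "$verdict" = not-affected ]
}

# Check the live host. The non-zero exit for a vulnerable or unknown host is
# swallowed here so the script continues; a fleet check would propagate it.
check_host /sys/devices/system/cpu/vulnerabilities/meltdown /proc/cpuinfo || :
```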

Impact and disclosure

The discovery of Meltdown and Spectre was one of the most significant hardware security revelations in decades, affecting millions of devices worldwide, from cloud servers to personal computers. The coordinated disclosure process, managed by entities such as Google Project Zero, aimed to prevent exploitation before patches were available. Major cloud providers, including Amazon Web Services and Google Cloud Platform, implemented protections and communicated with customers. The incident spurred significant discussion about hardware security design and led to increased scrutiny of speculative execution techniques by chipmakers and by researchers at institutions such as the University of Pennsylvania.

Meltdown is closely associated with the Spectre family of vulnerabilities, which also exploit speculative execution but are more broadly applicable and harder to mitigate. Subsequent research revealed variants such as Foreshadow (L1 Terminal Fault), which targeted Intel's Software Guard Extensions (SGX). Other related speculative execution flaws include ZombieLoad and RIDL, discovered by researchers from the Vrije Universiteit Amsterdam and others. These discoveries established a new class of microarchitectural data sampling (MDS) attacks, keeping pressure on manufacturers such as Intel, ARM, and AMD to redesign future CPU architectures.

Categories: Computer security exploits; Computer hardware; 2017 in computing