LLMpedia: The first transparent, open encyclopedia generated by LLMs

Meltdown and Spectre

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Name: Meltdown and Spectre
Discoverers: Jann Horn, Paul Kocher, Daniel Gruss, Moritz Lipp, Michael Schwarz, Andreas Moghaddam, Thomas Prescher
First publication: 2018
Affected: Intel Corporation, AMD, ARM Holdings, NVIDIA Corporation
Mitigation: Kernel page-table isolation, microcode updates, compiler patches
Severity: High
Type: Side-channel attack, speculative execution attack

Meltdown and Spectre.

Meltdown and Spectre are hardware-level security vulnerabilities, disclosed in a coordinated announcement in 2018, that exploit speculative execution and microarchitectural features in modern processors to leak privileged information. The disclosures prompted coordinated responses from technology firms such as Intel Corporation, Advanced Micro Devices, ARM Holdings, Google, Microsoft, Apple Inc., and Amazon, and from research institutions including the University of Virginia and Graz University of Technology. The incidents reshaped risk assessments at the National Security Agency, the European Union Agency for Cybersecurity, and industry consortia such as The Linux Foundation.

Background

Processor manufacturers built features like speculative execution and out-of-order execution to accelerate workloads for servers and clients used by Facebook, Twitter, Netflix, Dropbox, Salesforce, and IBM. Academic groups at Google Project Zero, Cybersecurity and Infrastructure Security Agency, and university labs including MIT Computer Science and Artificial Intelligence Laboratory, ETH Zurich, Tel Aviv University, and University of California, Berkeley investigated microarchitectural side channels such as cache timing and branch prediction. Prior research from Daniel Bernstein, Paul Kocher, Kocher et al., and Timothy May laid groundwork on side-channel analysis and speculative CPU behaviors referenced by practitioners at Intel Corporation and AMD.

Vulnerabilities

Researchers reported two distinct classes: one (Meltdown) that breaks the privilege separation between user and kernel memory, and another (Spectre) that abuses speculative-execution windows across protection boundaries. The first variant allowed processes to read kernel memory, bypassing the Unix-style isolation used by Linux, FreeBSD, Microsoft Windows, and macOS; the second allowed cross-process or cross-VM leakage in environments such as Xen Project, VMware, and KVM. Attack techniques leveraged microarchitectural components such as CPU caches and branch predictors found in designs from the Intel Architecture and ARM Cortex families produced by ARM Holdings and licensed by Qualcomm, Samsung Electronics, and Apple Inc.

Affected Architectures and Implementations

Vendors with affected silicon included Intel Corporation's Core and Xeon lines, AMD's Ryzen and EPYC families (with differing susceptibility), and ARM Holdings-based cores used in Apple A-series and NVIDIA Corporation designs. Cloud providers (Amazon Web Services, Google Cloud Platform, Microsoft Azure), virtualization platforms such as Xen Project, VMware ESXi, and KVM, and orchestration tools from Red Hat and Canonical had to assess multi-tenant risks. Embedded and mobile products from Samsung Semiconductor, Qualcomm, and MediaTek required vendor analysis for microcode and firmware changes coordinated with suppliers such as TSMC and GlobalFoundries.

Mitigation and Patching

Mitigations combined software, firmware, and microcode: kernel page-table isolation introduced by Google Project Zero researchers and patches distributed by Red Hat, Canonical, Debian, Microsoft, Apple Inc., and Oracle Corporation. CPU microcode updates from Intel Corporation and AMD altered speculative behaviors; toolchains from GCC, Clang, and the LLVM Project added retpoline and fence-insertion techniques. Cloud operators including Amazon Web Services and Google performed live migration and kernel hardening, and coordinated disclosure with standards bodies such as IETF and IEEE for guidance.
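The compiler-side mitigations mentioned above (fence insertion and index masking for the Spectre bounds-check-bypass pattern) are easiest to understand on a concrete lookup. The following C is an added example written for this page; it is not code from the original article, from any vendor, or from the Linux kernel. It assumes a constructed 16-entry table; the branchless mask follows the arithmetic of the generic array_index_mask_nospec() helper in Linux, and the fenced variant uses x86 LFENCE when compiled for x86 and falls back to masking elsewhere.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <emmintrin.h>   /* _mm_lfence(): x86 speculation barrier used below */
#endif

/* Constructed 16-entry table standing in for any bounds-checked array that an
 * untrusted caller can index (a syscall table, a parsed-field lookup, ...). */
#define TABLE_SIZE 16
static const uint8_t table[TABLE_SIZE] = {
    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
};

/* Unhardened form. Architecturally correct, but while the compare is still being
 * resolved the processor may speculatively perform table[idx] for an
 * out-of-bounds idx and leave cache-state traces of that access. */
uint8_t lookup_unhardened(size_t idx) {
    if (idx < TABLE_SIZE)
        return table[idx];
    return 0;
}

/* Branchless mask: all ones when index < size, zero otherwise. Same arithmetic
 * as the generic array_index_mask_nospec() in Linux; valid while index and
 * size are both below SIZE_MAX/2. */
static inline size_t array_index_mask_nospec(size_t index, size_t size) {
    /* Stop the compiler from proving index < size and deleting the mask: the
     * optimizer reasons about architectural values, not speculative ones. */
    __asm__("" : "+r"(index));
    return (size_t)(~(intptr_t)(index | (size - 1 - index)) >> (sizeof(size_t) * 8 - 1));
}

/* Clamp idx to 0 whenever it is (even only speculatively) out of range. */
size_t clamp_index_nospec(size_t idx, size_t size) {
    return idx & array_index_mask_nospec(idx, size);
}

/* Hardened form 1: if the branch is mispredicted, the load uses index 0, so no
 * out-of-bounds address ever reaches the cache hierarchy. */
uint8_t lookup_masked(size_t idx) {
    if (idx >= TABLE_SIZE)
        return 0;
    return table[clamp_index_nospec(idx, TABLE_SIZE)];
}

/* Hardened form 2: serialize with LFENCE so the load cannot issue until the
 * compare has retired. Simpler but costlier than masking; x86 only here. */
uint8_t lookup_fenced(size_t idx) {
    if (idx >= TABLE_SIZE)
        return 0;
#if defined(__x86_64__) || defined(__i386__)
    _mm_lfence();
    return table[idx];
#else
    return table[clamp_index_nospec(idx, TABLE_SIZE)];
#endif
}

int main(void) {
    size_t probes[] = { 0, 3, 15, 16, 1000 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("idx=%4zu masked=0x%02x fenced=0x%02x clamp=%zu\n", probes[i],
               lookup_masked(probes[i]), lookup_fenced(probes[i]),
               clamp_index_nospec(probes[i], TABLE_SIZE));
    return 0;
}
```

Masking is preferred where it applies because it costs a few ALU instructions per access instead of draining the pipeline; the fence is the fallback when the index cannot be clamped cleanly. The inline asm that hides the index from the optimizer is the part most often forgotten: without it the compiler is entitled to delete the mask, since on the architectural path it is provably a no-op.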

Performance and Security Trade-offs

Hardening measures such as kernel page-table isolation caused measurable overhead in certain workloads, notably on I/O-heavy and system call–intensive services used by NGINX, Apache HTTP Server, MySQL, and PostgreSQL. Providers like Microsoft Azure and Amazon Web Services documented performance regressions, prompting tuning by infrastructure teams at Facebook and Google. Compiler mitigations (retpoline) and microcode updates attempted to balance latency impact against leakage risk; trade-offs influenced procurement decisions at enterprises such as Goldman Sachs, Deutsche Bank, and public institutions like United Kingdom Cabinet Office.

Detection and Exploitability

Proofs-of-concept from groups at Google Project Zero, Graz University of Technology, University of Michigan, and independent researchers demonstrated data exfiltration across user/kernel and cross-VM boundaries. Detection in the wild remained challenging for incident responders at Mandiant, FireEye, and CrowdStrike because exploits leave minimal forensic traces compared to traditional malware used in campaigns attributed to actors like Fancy Bear or Equation Group. Security teams used microarchitectural telemetry, synthetic benchmarks, and mitigations in SELinux and AppArmor-protected systems to assess exposure.
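Because these attacks leave little forensic trace, exposure assessment in practice leans on what the platform itself reports about mitigation state. On Linux the kernel publishes one file per known issue under /sys/devices/system/cpu/vulnerabilities, with values beginning "Not affected", "Mitigation: ...", or "Vulnerable". The following C scanner is an added example for this page, not code from the original article or from any of the vendors it names; it reads that directory, classifies each entry, and tallies the result. The three sysfs strings it writes to a scratch directory for offline runs are constructed samples, not captured from a real host.

```c
#include <dirent.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Directory in which the Linux kernel publishes per-issue mitigation state. */
#define SYSFS_VULN_DIR "/sys/devices/system/cpu/vulnerabilities"

typedef enum { VULN_NOT_AFFECTED = 0, VULN_MITIGATED, VULN_VULNERABLE,
               VULN_UNKNOWN, VULN_NSTATUS } vuln_status;

static const char *status_name(vuln_status s) {
    static const char *names[] = { "not affected", "mitigated", "VULNERABLE", "unknown" };
    return names[s];
}

/* Classify one sysfs line by its leading keyword. Anything else (for example
 * the hypervisor-dependent "Unknown: ..." strings) is reported as unknown so it
 * is never silently treated as safe. */
vuln_status classify_status(const char *text) {
    if (strncmp(text, "Not affected", 12) == 0) return VULN_NOT_AFFECTED;
    if (strncmp(text, "Mitigation:", 11) == 0)  return VULN_MITIGATED;
    if (strncmp(text, "Vulnerable", 10) == 0)   return VULN_VULNERABLE;
    return VULN_UNKNOWN;
}

/* Read every file in dir, print name/status/raw text and tally counts[].
 * Returns the number of entries read, or -1 if dir cannot be opened. */
int scan_vulnerabilities(const char *dir, int counts[VULN_NSTATUS]) {
    DIR *d = opendir(dir);
    if (!d) return -1;
    struct dirent *ent;
    int n = 0;
    while ((ent = readdir(d)) != NULL) {
        if (ent->d_name[0] == '.') continue;
        char path[512], line[256];
        snprintf(path, sizeof path, "%s/%s", dir, ent->d_name);
        FILE *f = fopen(path, "r");
        if (!f) continue;
        if (fgets(line, sizeof line, f)) {
            line[strcspn(line, "\n")] = '\0';
            vuln_status s = classify_status(line);
            counts[s]++;
            n++;
            printf("%-26s %-12s %s\n", ent->d_name, status_name(s), line);
        }
        fclose(f);
    }
    closedir(d);
    return n;
}

/* Constructed sample (not captured from a real host): three plausible sysfs
 * entries written to a scratch directory so the scanner can run offline. */
static const char *sample_names[]  = { "meltdown", "spectre_v1", "spectre_v2" };
static const char *sample_values[] = {
    "Mitigation: PTI",
    "Mitigation: usercopy/swapgs barriers and __user pointer sanitization",
    "Vulnerable"
};

int write_sample_dir(char *out, size_t outlen) {
    snprintf(out, outlen, "/tmp/cpu_vulns_sample_%ld", (long)getpid());
    if (mkdir(out, 0700) != 0 && errno != EEXIST) return -1;
    for (size_t i = 0; i < 3; i++) {
        char path[512];
        snprintf(path, sizeof path, "%s/%s", out, sample_names[i]);
        FILE *f = fopen(path, "w");
        if (!f) return -1;
        fprintf(f, "%s\n", sample_values[i]);
        fclose(f);
    }
    return 0;
}

void remove_sample_dir(const char *dir) {
    for (size_t i = 0; i < 3; i++) {
        char path[512];
        snprintf(path, sizeof path, "%s/%s", dir, sample_names[i]);
        unlink(path);
    }
    rmdir(dir);
}

/* Scan the constructed sample; return how many entries report "Vulnerable". */
int sample_vulnerable_count(void) {
    char dir[128];
    int counts[VULN_NSTATUS] = { 0 };
    if (write_sample_dir(dir, sizeof dir) != 0) return -1;
    int n = scan_vulnerabilities(dir, counts);
    remove_sample_dir(dir);
    return n < 0 ? -1 : counts[VULN_VULNERABLE];
}

int main(void) {
    int counts[VULN_NSTATUS] = { 0 };
    int n = scan_vulnerabilities(SYSFS_VULN_DIR, counts);
    if (n < 0) {   /* not Linux, or sysfs hidden: fall back to the sample */
        printf("%s unavailable; sample shows %d Vulnerable entries\n",
               SYSFS_VULN_DIR, sample_vulnerable_count());
        return 0;
    }
    printf("%d entries: %d mitigated, %d vulnerable, %d unknown\n", n,
           counts[VULN_MITIGATED], counts[VULN_VULNERABLE], counts[VULN_UNKNOWN]);
    return counts[VULN_VULNERABLE] > 0 ? 1 : 0;
}
```

The non-zero exit status when any entry is "Vulnerable" makes the scanner usable as a fleet-wide compliance probe; the point of the "unknown" bucket is that a new file name or an unexpected string from a future kernel shows up as something to investigate rather than disappearing into the mitigated count.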

The coordinated industry response involved disclosure embargoes, patch rollouts, and regulatory attention from agencies such as CISA, European Commission, and national CERTs including US-CERT and CERT-EU. Litigation and shareholder inquiries targeted Intel Corporation and others, while policy debates at United States Congress and European Parliament considered supply-chain transparency and mandatory vulnerability disclosure frameworks. Standards organizations including ISO and NIST updated guidance on hardware threat modeling, influencing procurement at Department of Defense and multinational corporations like Siemens and General Electric.

Category:Computer security