Meltdown

01/03/2018
by   Moritz Lipp, et al.
0

The security of computer systems fundamentally relies on memory isolation, e.g., kernel address ranges are marked as non-accessible and are protected from user access. In this paper, we present Meltdown. Meltdown exploits side effects of out-of-order execution on modern processors to read arbitrary kernel-memory locations including personal data and passwords. Out-of-order execution is an indispensable performance feature and present in a wide range of modern processors. The attack works on different Intel microarchitectures since at least 2010 and potentially other processors are affected. The root cause of Meltdown is the hardware. The attack is independent of the operating system, and it does not rely on any software vulnerabilities. Meltdown breaks all security assumptions given by address space isolation as well as paravirtualized environments and, thus, every security mechanism building upon this foundation. On affected systems, Meltdown enables an adversary to read memory of other processes or virtual machines in the cloud without any permissions or privileges, affecting millions of customers and virtually every user of a personal computer. We show that the KAISER defense mechanism for KASLR has the important (but inadvertent) side effect of impeding Meltdown. We stress that KAISER must be deployed immediately to prevent large-scale exploitation of this severe information leakage.

READ FULL TEXT
research
05/29/2019

Fallout: Reading Kernel Writes From User Space

Recently, out-of-order execution, an important performance optimization ...
research
04/17/2023

AVX Timing Side-Channel Attacks against Address Space Layout Randomization

Modern x86 processors support an AVX instruction set to boost performanc...
research
09/12/2019

Taking a Look into Execute-Only Memory

The development process of microcontroller firmware often involves multi...
research
05/20/2020

A Way Around UMIP and Descriptor-Table Exiting via TSX-based Side-Channel Attack

Nowadays, in operating systems, numerous protection mechanisms prevent o...
research
06/19/2018

LazyFP: Leaking FPU Register State using Microarchitectural Side-Channels

Modern processors utilize an increasingly large register set to facilita...
research
05/14/2019

ZombieLoad: Cross-Privilege-Boundary Data Sampling

In early 2018, Meltdown first showed how to read arbitrary kernel memory...
research
07/17/2020

PThammer: Cross-User-Kernel-Boundary Rowhammer through Implicit Accesses

Rowhammer is a hardware vulnerability in DRAM memory, where repeated acc...

Please sign up or login with your details

Forgot password? Click here to reset