Spectre (security vulnerability)
This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these template messages)
|
branch prediction | |
Website | Official website |
---|
Spectre is one of the two original
On most processors, theTwo
In early 2018, Intel reported that it would redesign its CPUs to help protect against the Spectre and related Meltdown vulnerabilities (especially, Spectre variant 2 and Meltdown, but not Spectre variant 1).[9][10][11][12] On 8 October 2018, Intel was reported to have added hardware and firmware mitigations regarding Spectre and Meltdown vulnerabilities to its latest processors.[13]
History
In 2002 and 2003, Yukiyasu Tsunoo and colleagues from
Spectre proper was discovered independently by Jann Horn from
On 28 January 2018, it was reported that Intel shared news of the Meltdown and Spectre security vulnerabilities with Chinese technology companies, before notifying the U.S. government of the flaws.[24]
On 29 January 2018, Microsoft was reported to have released a
Since the disclosure of Spectre and Meltdown in January 2018, much research had been done on vulnerabilities related to speculative execution. On 3 May 2018, eight additional Spectre-class flaws provisionally named Spectre-NG by
On 21 May 2018, Intel published information on the first two Spectre-NG class side-channel vulnerabilities CVE-2018-3640 (Rogue System Register Read, Variant 3a) and CVE-2018-3639 (Speculative Store Bypass, Variant 4),[34][35] also referred to as Intel SA-00115 and HP PSR-2018-0074, respectively.
According to
On 10 July 2018, Intel revealed details on another Spectre-NG class vulnerability called "Bounds Check Bypass Store" (BCBS), or "Spectre 1.1" (CVE-2018-3693), which was able to write as well as read out of bounds.[40][41][42][43] Another variant named "Spectre 1.2" was mentioned as well.[43]
In late July 2018, researchers at the universities of Saarland and California revealed ret2spec (aka "Spectre v5") and SpectreRSB, new types of code execution vulnerabilities using the return stack buffer (RSB).[44][45][46]
At the end of July 2018, researchers at the Graz University of Technology revealed "NetSpectre", a new type of remote attack similar to Spectre V1, but which does not need attacker-controlled code to be run on the target device at all.[47][48]
On 8 October 2018, Intel was reported to have added hardware and firmware mitigations regarding Spectre and Meltdown vulnerabilities to its latest processors.[13]
In November 2018, five new variants of the attacks were revealed. Researchers attempted to compromise CPU protection mechanisms using code to exploit the CPU pattern history table, branch target buffer, return stack buffer, and branch history table.[49]
In August 2019, a related
In July 2020 a team of researchers from TU Kaiserslautern, Germany published a new Spectre variant called "Spectre-STC" (single-threaded contention). This variant makes use of port contention in shared resources and can be applied even in single-threaded cores. [53]
In late April 2021, a related vulnerability was discovered that breaks through the security systems designed to mitigate Spectre through use of the micro-op cache. The vulnerability is known to affect Skylake and later processors from Intel and Zen-based processors from AMD.[54]
In February 2023, a team of researchers at North Carolina State University uncovered a new code execution vulnerability called Spectre-HD, also known as "Spectre SRV" or "Spectre v6". This vulnerability leverages speculative vectorization with selective replay (SRV) technique showing "Leakage from Higher Dimensional Speculation".[55][56]
Mechanism
Spectre is a vulnerability that tricks a program into accessing arbitrary locations in the program's memory space. An attacker may read the content of accessed memory, and thus potentially obtain sensitive data.
Instead of a single easy-to-fix vulnerability, the Spectre white paper
The starting point of the white paper is that of a side-channel timing attack[58] applied to the branch prediction machinery of modern microprocessors with speculative execution. While at the architectural level documented in processor data books, any results of misprediction are specified to be discarded after the fact, the resulting speculative execution may still leave side effects, like loaded cache lines. These can then affect the so-called non-functional aspects of the computing environment later on. If such side effects – including but not limited to memory access timing – are visible to a malicious program, and can be engineered to depend on sensitive data held by the victim process, then these side effects can result in such data becoming discernible. This can happen despite the formal architecture-level security arrangements working as designed; in this case, lower, microarchitecture-level optimizations to code execution can leak information not essential to the correctness of normal program execution.
The Spectre paper explains the attack in four essential steps:
- First, it shows that branch prediction logic in modern processors can be trained to reliably hit or miss based on the internal workings of a malicious program.
- It then goes on to show that the subsequent difference between cache hits and misses can be reliably timed, so that what should have been a simple non-functional difference can in fact be subverted into a covert channel which extracts information from an unrelated process's inner workings.
- Thirdly, the paper synthesizes the results with return-oriented programming exploits and other principles with a simple example program and a JavaScript snippet run under a sandboxing browser; in both cases, the entire address space of the victim process (i.e. the contents of a running program) is shown to be readable by simply exploiting speculative execution of conditional branches in code generated by a stock compiler or the JavaScript machinery present in an existing browser. The basic idea is to search existing code for places where speculation touches upon otherwise inaccessible data, manipulate the processor into a state where speculative execution has to contact that data, and then time the side effect of the processor being faster, if its by-now-prepared prefetch machinery indeed did load a cache line.
- Finally, the paper concludes by generalizing the attack to any non-functional state of the victim process. It briefly discusses even such highly non-obvious non-functional effects as bus arbitration latency.
Meltdown can be used to read privileged memory in a process's address space which even the process itself would normally be unable to access (on some unprotected OSes this includes data belonging to the kernel or other processes). It was shown[59] that under certain circumstances, the Spectre vulnerability is also capable of reading memory outside of the current process's memory space.
The Meltdown paper distinguishes the two vulnerabilities thus: "Meltdown is distinct from the Spectre Attacks in several ways, notably that Spectre requires tailoring to the victim process's software environment, but applies more broadly to CPUs and is not mitigated by KAISER."[60]
Remote exploitation
While Spectre is simpler to exploit with a
The exploit using remote JavaScript follows a similar flow to that of a local machine code exploit: flush cache → mistrain branch predictor → timed reads (tracking hit / miss).
The clflush
instruction (
Careful coding and analysis of the machine code executed by the just-in-time compilation (JIT) compiler was required to ensure the cache-clearing and exploitive reads were not optimized out.
Impact
As of 2018, almost every computer system is affected by Spectre, including desktops, laptops, and mobile devices. Specifically, Spectre has been shown to work on
Researchers have indicated that the Spectre vulnerability can possibly affect some
ARM has reported that the majority of their processors are not vulnerable, and published a list of the specific processors that are affected by the Spectre vulnerability:
Spectre has the potential of having a greater impact on
Mitigation
Since Spectre represents a whole class of attacks, most likely, there cannot be a single patch for it.[3] While work is already being done to address special cases of the vulnerability, the original website devoted to Spectre and Meltdown states, "As [Spectre] is not easy to fix, it will haunt us for a long time."[4] At the same time, according to Dell: "No 'real-world' exploits of these vulnerabilities [i.e., Meltdown and Spectre] have been reported to date [7 February 2018], though researchers have produced proof-of-concepts."[77][78]
Several procedures to help protect home computers and related devices from the vulnerability have been published.[79][80][81][82] Spectre patches have been reported to significantly slow down performance, especially on older computers; on the newer eighth-generation Core platforms, benchmark performance drops of 2–14 percent have been measured.[83][5][84][85][86] On 18 January 2018, unwanted reboots, even for newer Intel chips, due to Meltdown and Spectre patches, were reported.
It has been suggested
As early as 2018,
On 4 January 2018, Google detailed a new technique on their security blog called "Retpoline" (a
On 25 January 2018, the current status and possible future considerations in solving the Meltdown and Spectre vulnerabilities were presented.[94]
In March 2018, Intel announced that they had developed hardware fixes for Meltdown and Spectre-V2 only, but not Spectre-V1.[9][10][11] The vulnerabilities were mitigated by a new partitioning system that improves process and privilege-level separation.[12]
On 8 October 2018, Intel is reported to have added hardware and firmware mitigations regarding Spectre and Meltdown vulnerabilities to its Coffee Lake-R processors and onwards.[13]
On 18 October 2018, MIT researchers suggested a new mitigation approach, called DAWG (Dynamically Allocated Way Guard), which may promise better security without compromising performance.[95]
On 16 April 2019, researchers from UC San Diego and University of Virginia proposed Context-Sensitive Fencing, a microcode-based defense mechanism that surgically injects fences into the dynamic execution stream, protecting against a number of Spectre variants at just 8% degradation in performance.[96]
On 26 November 2021, researchers from Texas A&M University and Intel showed that Spectre attack (and other family of transient attacks) cannot be detected by typical antivirus or anti-malware software currently available, before they leak data. Especially, they show that it is easy to generate evasive versions of these attacks to build malware instead of their generic gadgets to bypass current antivirus applications. It was shown that this is due to the fact that these attacks can leak data using transient instructions that never get committed during a very short transient window and so are not visible from architecture layer (software) before leakage, but they are visible in microarchitecture layer (hardware). Additionally, software is limited to monitor four Hardware Performance Counters (HPCs) every 100 ns, which makes it difficult and almost impossible to collect information about malicious activity correlated with these attacks from software using antivirus applications before they can leak data.[88]
On 20 October 2022, researchers from the North Carolina State University, the University of San Diego, California, and Intel announced that they were able to design the first detection technology that can detect transient attacks before leakage in the microarchitecture layer (hardware). This was accomplished by building the first machine learning accelerator for security, designed to be built in Intel chips. This technology has a fast speed of sampling activity of transient instructions every 1ns and making predictions every 10 nanoseconds, allowing detection of transient attacks such as Spectre and Meltdown before data leakage occurs, and it automatically enables counter measurements in the chip. This technology is also equipped with adversarial training, making it immune to large category of adversarial and evasive versions of Spectre attack.[89]
Linux
When Intel announced that Spectre mitigation can be switched on as a "security feature" instead of being an always-on bugfix, Linux creator
/sys/devices/system/cpu/vulnerabilities/
[59]Microsoft Windows
On 2 March 2019, Microsoft is reported to have released an important Windows 10 (v1809) software mitigation to the Spectre v2 CPU vulnerability.[103]
Vulnerability | CVE | Exploit name | Public vulnerability name | Windows changes | Firmware changes | Source |
---|---|---|---|---|---|---|
Spectre | 2017-5753 | Variant 1 | Bounds Check Bypass (BCB) | Recompiling with a new compiler Hardened browser to prevent exploit from JavaScript |
No | [7] |
Spectre | 2017-5715 | Variant 2 | Branch Target Injection (BTI) | New CPU instructions eliminating branch speculation | Yes | [7] |
Meltdown | 2017-5754 | Variant 3 | Rogue Data Cache Load (RDCL) |
Isolate kernel and user mode page tables | No | [7] |
Spectre-NG | 2018-3640 | Variant 3a | Rogue System Register Read (RSRR[104]) | Yes | [105][34] | |
Spectre-NG | 2018-3639 | Variant 4 | Speculative Store Bypass (SSB) | Yes | [105][34] | |
Spectre-NG | 2018-3665 | Lazy FP State Restore |
[38][39] | |||
Spectre-NG | 2018-3693 | Variant 1.1 | Bounds Check Bypass Store (BCBS) | |||
Spectre | Variant 1.2 | Read-only protection bypass (RPB) | ||||
SpectreRSB | Return Mispredict | |||||
Spectre-HD | Speculative Vectorization Exploit (SRV) | [56] |
Other software
This section needs to be updated.(February 2019) |
Several procedures to help protect home computers and related devices from the vulnerability have been published.[79][80][81][82]
Initial mitigation efforts were not entirely without incident. At first, Spectre patches were reported to significantly slow down performance, especially on older computers. On the newer eighth generation Core platforms, benchmark performance drops of 2–14 percent were measured.[83] On 18 January 2018, unwanted reboots were reported even for newer Intel chips.[99]
Since exploitation of Spectre through JavaScript embedded in websites is possible,[1] it was planned to include mitigations against the attack by default in Chrome 64. Chrome 63 users could manually mitigate the attack by enabling the site isolation feature (chrome://flags#enable-site-per-process
).[106]
As of Firefox 57.0.4, Mozilla was reducing the resolution of JavaScript timers to help prevent timing attacks, with additional work on time-fuzzing techniques planned for future releases.[21][107]
On January 15, 2018, Microsoft introduced mitigation for Spectre in Visual Studio. This can be applied by using the /Qspectre switch. A developer would need to download and install the appropriate libraries using the Visual Studio installer.[108]
Immune hardware
See also
- Row hammer
- SPOILER (security vulnerability)
References
- ^ a b c Kocher, Paul; Genkin, Daniel; Gruss, Daniel; Haas, Werner; Hamburg, Mike; Lipp, Moritz; Mangard, Stefan; Prescher, Thomas; Schwarz, Michael; Yarom, Yuval (2018). "Spectre Attacks: Exploiting Speculative Execution" (PDF). Archived (PDF) from the original on 2018-01-03.
- ^ Greenberg, Andy (2018-01-03). "A Critical Intel Flaw Breaks Basic Security for Most Computers". Wired. Archived from the original on 2018-01-03. Retrieved 2018-01-03.
- ^ a b Bright, Peter (2018-01-05). "Meltdown and Spectre: Here's what Intel, Apple, Microsoft, others are doing about it". Ars Technica. Archived from the original on 2018-05-27. Retrieved 2018-01-06.
- ^ a b c "Meltdown and Spectre". Graz University of Technology. 2018. Archived from the original on 2018-01-03. Retrieved 2018-01-03.
- ^ from the original on 2018-01-03. Retrieved 2018-01-03.
- ^ Warren, Tom (2018-01-03). "Intel's processors have a security bug and the fix could slow down PCs". The Verge. Archived from the original on 2018-01-03. Retrieved 2018-01-03.
- ^ a b c d Myerson, Terry (2018-01-09). "Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems". Microsoft. Archived from the original on 2018-05-25.
- ^ Williams, Chris (2018-01-04). "Meltdown, Spectre: The password theft bugs at the heart of Intel CPUs". The Register. Archived from the original on 2018-05-27.
- ^ a b Warren, Tom (2018-03-15). "Intel Processors are Being Redesigned to Protect Against Spectre – New Hardware Coming Later This Year". The Verge. Archived from the original on 2018-04-21. Retrieved 2018-03-15.
- ^ a b Shankland, Stephen (2018-03-15). "Intel will block Spectre attacks with new chips this year – Cascade Lake processors for servers, coming this year, will fight back against a new class of vulnerabilities, says CEO Brian Krzanich". CNET. Archived from the original on 2018-04-23. Retrieved 2018-03-15.
- ^ a b Coldewey, Devin (2018-03-15). "Intel announces hardware fixes for Spectre and Meltdown on upcoming chips". TechCrunch. Archived from the original on 2018-04-12. Retrieved 2018-03-28.
- ^ a b Smith, Ryan (2018-03-15). "Intel Publishes Spectre & Meltdown Hardware Plans: Fixed Gear Later This Year". AnandTech. Archived from the original on 2018-05-04. Retrieved 2018-03-20.
- ^ a b c Shilov, Anton (2018-10-08). "Intel's New Core and Xeon W-3175X Processors: Spectre and Meltdown Security Update". AnandTech. Retrieved 2018-10-09.
- ^ Tsunoo, Yukiyasu; Tsujihara, Etsuko; Minematsu, Kazuhiko; Miyauchi, Hiroshi (January 2002). Cryptanalysis of Block Ciphers Implemented on Computers with Cache. ISITA 2002.
- ^ Tsunoo, Yukiyasu; Saito, Teruo; Suzaki, Tomoyasu; Shigeri, Maki; Miyauchi, Hiroshi (2003-09-10) [2003-09-10]. Cryptanalysis of DES Implemented on Computers with Cache Cryptanalysis of DES Implemented on Computers with Cache. Cryptographic Hardware and Embedded Systems, CHES 2003, 5th International Workshop. Cologne, Germany.
- ^ Bernstein, Daniel J. (2005-04-14). "Cache-timing attacks on AES" (PDF). Archived (PDF) from the original on 2018-01-17. Retrieved 2018-05-26.
- ^ Percival, Colin (May 2005). "Cache missing for fun and profit" (PDF). BSDCan '05 (Conference presentation slides). Archived (PDF) from the original on 2017-10-12. Retrieved 2018-05-26. [1] Superseded by: "Cache missing for fun and profit" (PDF). October 2005. Archived (PDF) from the original on 2018-05-19. Retrieved 2018-05-26.
- ISBN 9781931971157. Archivedfrom the original on 2018-03-05. Retrieved 2018-05-26.
- ^ Yarom, Yuval; Genkin, Daniel; Heninger, Nadia (2016-09-21). "CacheBleed A Timing Attack on OpenSSL Constant Time RSA". CHES 2016. (Yuval Yarom referring to the history.)
- ^ Fogh, Anders (2017-01-12). "Covert shotgun: Automatically finding covert channels in SMT". HackPra channel from the Chair of Network and Data Security. Ruhr University Bochum. [2] (Fogh describing a side channel using fashioned listening to a safe while turning its wheel.)
- ^ a b "Mozilla Foundation Security Advisory 2018-01 – Speculative execution side-channel attack ("Spectre")". Mozilla. Archived from the original on 2018-05-16. Retrieved 2018-05-26.
- ^ Gibbs, Samuel (2018-01-04). "Meltdown and Spectre: 'worst ever' CPU bugs affect virtually all computers". The Guardian. Archived from the original on 2018-01-06. Retrieved 2018-01-06.
- ^ "Meltdown and Spectre". spectreattack.com.
- ^ Lynley, Matthew (2018-01-28). "Intel reportedly notified Chinese companies of chip security flaw before the U.S. government". TechCrunch. Retrieved 2018-01-28.
- ZDNet. Retrieved 2018-01-29.
- ^ "Update to Disable Mitigation against Spectre, Variant 2". Microsoft. 2018-01-26. Retrieved 2018-01-29.
- ^ Leonhard, Woody (2018-01-29). "Windows Surprise Patch KB 4078130: The Hard Way to Disable Spectre 2". Computerworld. Retrieved 2018-01-29.
- ^
- Schmidt, Jürgen (2018-05-03). "Super-GAU für Intel: Weitere Spectre-Lücken im Anflug". Heise Online. Archivedfrom the original on 2018-05-05. Retrieved 2018-05-03.
- Schmidt, Jürgen (2018-05-03). "Exclusive: Spectre-NG – Multiple new Intel CPU flaws revealed, several serious". Heise Online. Archivedfrom the original on 2018-05-05. Retrieved 2018-05-04.
- Schmidt, Jürgen (2018-05-03). "Super-GAU für Intel: Weitere Spectre-Lücken im Anflug".
- Heise Online. Archivedfrom the original on 2018-05-05. Retrieved 2018-05-04.
- ZDNet. Archivedfrom the original on 2018-05-22. Retrieved 2018-03-04.
- ^ Kumar, Mohit (2018-05-04). "8 New Spectre-Class Vulnerabilities (Spectre-NG) Found in Intel CPUs". The Hacker News. Archived from the original on 2018-05-05. Retrieved 2018-05-05.
- ^ Heise Online (in German). Archivedfrom the original on 2018-05-07. Retrieved 2018-05-07.
- ^ Armasu, Lucian (2018-05-08). "Intel Postpones Patching 'Spectre NG' CPU Flaws". Tom's Hardware. Retrieved 2018-05-11.
- ^ Heise Security (in German). Archivedfrom the original on 2018-05-21. Retrieved 2018-05-21.
- US-CERT. 2018-05-21. Alert (TA18-141A). Archivedfrom the original on 2018-05-21. Retrieved 2018-05-21.
- ZDNet. Retrieved 2018-06-14.
- ^ Armasu, Lucian (2018-06-14). "Intel CPUs Affected By Yet Another Speculative Execution Flaw". Tom's Hardware. Retrieved 2018-06-14.
- ^ Heise Security (in German). Archivedfrom the original on 2018-06-14. Retrieved 2018-06-14.
- ^ Heise Security (in German). Archivedfrom the original on 2018-06-14. Retrieved 2018-06-14.
- ^ "Speculative Execution Branch Prediction Side Channel and Branch Prediction Analysis Method". Intel. 2018-07-10 [2018-01-03]. INTEL-OSS-10002. Archived from the original on 2018-07-14. Retrieved 2018-07-15.
- ^ "Analysis of Speculative Execution Side Channels" (PDF) (White Paper). Revision 4.0. Intel. July 2018. 336983-004. Retrieved 2018-07-15.
- ^ arXiv:1807.03757v1 [cs.CR].
- University of Saarland. Archived(PDF) from the original on 2018-08-01. Retrieved 2018-08-01.
- arXiv:1807.07940 [cs.CR].
- Heise Security. Archivedfrom the original on 2018-08-01. Retrieved 2018-08-01.
- ^ Schwarz, Michael; Schwarzl, Martin; Lipp, Moritz; Gruss, Daniel (July 2018). "NetSpectre: Read Arbitrary Memory over Network" (PDF). Graz University of Technology. Archived (PDF) from the original on 2018-07-28. Retrieved 2018-07-28.
- Heise Security. Archivedfrom the original on 2018-07-28. Retrieved 2018-07-28.
- ZDNet. Retrieved 2018-11-17.
- ^ "Bitdefender SWAPGS Attack Mitigation Solutions". www.bitdefender.com. Retrieved 2019-08-07.
- ^ "Documentation/admin-guide/hw-vuln/spectre.rst - chromiumos/third_party/kernel - Git at Google". chromium.googlesource.com. Archived from the original on 2019-08-07. Retrieved 2019-08-07.
- ^ Winder, Davey (2019-08-06). "Microsoft Confirms New Windows CPU Attack Vulnerability, Advises All Users To Update Now". Forbes. Retrieved 2019-08-07.
- S2CID 222297495. Retrieved 2023-09-05 – via IEEE Xplore.
- ^ "I See Dead µops: Leaking Secrets via Intel/AMD Micro-Op Caches" (PDF). cs.virginia.edu. Archived from the original (PDF) on 2021-05-04. Retrieved 2021-05-05.
- S2CID 235415645.
- ^ arXiv:2302.01131 [cs.CR].
- ^ "Reading privileged memory with a side-channel". 2018. Archived from the original on 2018-01-04.
- ^ "Mitigations landing for new class of timing attack". 2018. Archived from the original on 2018-01-04.
- ^ a b c "Spectre Side Channels". kernel.org.
- ^ "Meltdown" (PDF). 2018. Archived (PDF) from the original on 2018-01-04.
- ^ "Spectre Attack Whitepaper" (PDF). Retrieved 2018-02-08.
- ^ "Meltdown and Spectre-faq-systems-spectre". Graz University of Technology. 2018. Archived from the original on 2018-01-03. Retrieved 2018-01-04.
- Thomson-Reuters. Archivedfrom the original on 2018-01-03. Retrieved 2018-01-03.
- ^ "Potential Impact on Processors in the POWER family". IBM. 2018.
- ^ "Intel Responds To Security Research Findings". Intel. 2018-01-03. Archived from the original on 2018-01-03. Retrieved 2018-01-04.
- Advanced Micro Devices. 2018. Archivedfrom the original on 2018-01-04. Retrieved 2018-01-04.
- ^ Novet, Jordan (2018-01-11). "AMD stock drops 3 percent after the company says its chips are affected by security flaw". CNBC. Retrieved 2018-04-07.
- ^ "AMD Chips Vulnerable to Both Variants of Spectre Security Flaw". Fortune. Retrieved 2018-04-07.
- ^ "Who's affected by computer chip security flaw". Archived from the original on 2018-01-04. Retrieved 2018-01-04.
- ^ "Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign". The Register. 2018-01-02.
- ^ "Meltdown and Spectre-faq-systems-spectre". Graz University of Technology. 2018. Retrieved 2018-01-04.
- Thomson-Reuters. Retrieved 2018-01-03.
- ^ "Today's CPU vulnerability: what you need to know".
- ARM Ltd.2018-01-03. Retrieved 2018-01-05.
- ^ "About speculative execution vulnerabilities in ARM-based and Intel CPUs". Apple Support. Retrieved 2018-07-17.
- ^ Fox-Brewster, Thomas (2018-01-03). "Massive Intel Vulnerabilities Just Landed – And Every PC User On The Planet May Need To Update". Forbes. Archived from the original on 2018-01-03. Retrieved 2018-01-03.
- ^ "Microprocessor Side-Channel Vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on Dell products". Dell. 2018-02-07. Retrieved 2018-02-11.
- ^ "Meltdown and Spectre Vulnerabilities". Dell. 2018-02-07. Retrieved 2018-02-11.
- ^ a b Metz, Cade; Chen, Brian X. (2018-01-04). "What You Need to Do Because of Flaws in Computer Chips". The New York Times. Retrieved 2018-01-05.
- ^ a b Pressman, Aaron (2018-01-05). "Why Your Web Browser May Be Most Vulnerable to Spectre and What to Do About It". Fortune. Retrieved 2018-01-05.
- ^ a b Chacos, Brad (2018-01-04). "How to protect your PC from the major Meltdown and Spectre CPU flaws". PC World. Archived from the original on 2018-01-04. Retrieved 2018-01-04.
- ^ a b Elliot, Matt (2018-01-04). "Security – How to protect your PC against the Intel chip flaw – Here are the steps to take to keep your Windows laptop or PC safe from Meltdown and Spectre". CNET. Archived from the original on 2018-01-04. Retrieved 2018-01-04.
- ^ a b Hachman, Mark (2018-01-09). "Microsoft tests show Spectre patches drag down performance on older PCs". PC World. Retrieved 2018-01-09.
- ^ "Computer chip scare: What you need to know". BBC News. 2018-01-04. Retrieved 2018-01-04.
- ^ "Intel says processor bug isn't unique to its chips and performance issues are 'workload-dependent'". The Verge. Retrieved 2018-01-04.
- Phoronix. Retrieved 2019-05-25.
- ^ "How Will the Meltdown and Spectre Flaws Affect My PC?". How-To Geek. 2018-01-04.
- ^ S2CID 222334633.
- ^ S2CID 253123810.
- ^ "Intel Analysis of Speculative Execution Side Channels" (PDF) (White Paper). Revision 1.0. Intel. January 2018. p. 5. Archived (PDF) from the original on 2018-05-01. Retrieved 2018-01-11.
second technique introduces the concept of a "return trampoline", also known as "retpoline"
- ^ "More details about mitigations for the CPU Speculative Execution issue". Archived from the original on 2018-01-05.
- ^ "Google Says CPU Patches Cause 'Negligible Impact On Performance' With New 'Retpoline' Technique". tech.slashdot.org. 2018-01-04.
- ^ Turner, Paul. "Retpoline: a software construct for preventing branch-target-injection – Google Help". support.google.com. Archived from the original on 2018-01-05.
- ^ Hachman, Mark (2018-01-25). "Intel's plan to fix Meltdown in silicon raises more questions than answers – But what silicon?!! Be sure and read the questions Wall Street should have asked". PC World. Retrieved 2018-01-26.
- ^ Fingas, Jon (2018-10-18). "MIT finds a smarter way to fight Spectre-style CPU attacks – DAWG offers more security without a steep performance hit". engadget.com. Retrieved 2018-10-18.
- ^ Taram, Mohammadkazem (2019-04-16). "Context-Sensitive Fencing: Securing Speculative Execution via Microcode Customization" (PDF).
- marc.info.
- ^ IBRS patch series, Intel, 2018-01-04.
- ^ ZDNet. Retrieved 2018-01-18.
- ^ Claburn, Thomas; Hall, Kat (2018-01-22). "'WHAT THE F*CK IS GOING ON?' Linus Torvalds explodes at Intel spinning Spectre fix as a security feature". The Register. Retrieved 2023-07-22.
- ^ Molnar suggesting to use function tracing, Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation, Ingo Molnar, 2018-01-23.
- ^ "Linux 4.15". KernelNewbies.
- ZDNet. Retrieved 2019-03-02.
- ^ Sometimes misspelled as "RSRE"
- ^ a b "Q2 2018 Speculative Execution Side Channel Update". Intel. 2018-06-25 [2018-05-21]. INTEL-SA-00115. Archived from the original on 2018-07-15. Retrieved 2018-07-15.
- ^ "Google's Mitigations Against CPU Speculative Execution Attack Methods". support.google.com. Archived from the original on 2018-01-03. Retrieved 2018-01-04.
- ^ "Mitigations landing for new class of timing attack". Mozilla Security Blog. 2018-01-03. Archived from the original on 2018-01-04. Retrieved 2018-01-04.
- ^ "Spectre mitigations in MSVC". C++ Team Blog. 2018-01-16. Retrieved 2021-01-18.
- ^ "Advisory TFV-6 (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)". Trusted Firmware-A 2.10.0 documentation. 2018-06-07. Retrieved 2024-01-23.
Further reading
- Kocher, Paul; Genkin, Daniel; Gruss, Daniel; Haas, Werner; Hamburg, Mike; Lipp, Moritz; Mangard, Stefan; Prescher, Thomas; Schwarz, Michael; Yarom, Yuval (2018). "Spectre Attacks: Exploiting Speculative Execution" (PDF). Archived (PDF) from the original on 2018-01-03.
- "WRITEUP (59.9 KB) – Project Zero – Monorail". bugs.chromium.org.
- Kiriansky, Vladimir; Waldspurger, Carl; Schwarz, Michael; Lipp, Moritz; von Berg, Benjamin; Ortner, Philipp; Piessens, Frank; Evtyushkin, Dmitry; Gruss, Daniel (2018). "A Systematic Evaluation of Transient Execution Attacks and Defenses". arXiv:1811.05441v3 [cs.CR].