On 3 January 2018, security researchers at Google, Graz University of Technology, and several other educational institutions disclosed multiple vulnerabilities found in most modern Intel, AMD and ARM processors. The more severe vulnerability, Meltdown (CVE-2017-5754), appears isolated to Intel processors developed in the last 10 years. Spectre (CVE-2017-5715 and CVE-2017-5753), on the other hand, theoretically affects all processors that use speculative execution (more on that later), including most modern processors manufactured by Intel, AMD, ARM and Qualcomm.
Before diving into a high-level overview of these vulnerabilities and how they work, let's get the basics clear about the building blocks of these vulnerabilities.
![](https://static.wixstatic.com/media/a27d24_4a6933e882d74ac0bd9996067719b990~mv2.png/v1/fill/w_735,h_339,al_c,q_85,enc_auto/a27d24_4a6933e882d74ac0bd9996067719b990~mv2.png)
Modern CPU Architecture:
Modern operating systems rely on certain security features that prevent unprivileged processes from reading the memory of other unprivileged processes or privileged processes (like the system kernel). For example, a web browser application should not be able to read the memory used by a password manager. The operating system and CPU work together to prevent unprivileged memory access by allocating individual virtual memory pools for each process, and by setting specific privilege checks like readable, writable, executable, and user-accessible for each virtual-to-physical memory mapping. If an unprivileged process attempts to access a memory mapping that it should not have access to, the CPU raises an exception and process execution is halted.
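The per-mapping permission check described above can be observed directly from user space. The following C program is an added illustration, not code from the original article: it assumes Linux, uses a hypothetical helper named `probe_read`, and exercises the check on a page in the process's own address space (not kernel memory) by reading it once while readable and once after all access has been removed.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* exposes MAP_ANONYMOUS under strict -std modes */
#endif
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (added example): map one page, store a constructed
 * marker byte, switch the mapping to `prot`, then read it from a child
 * process. Returns 0 if the read succeeded, the fatal signal number if the
 * CPU/OS halted the child, or -1 on setup failure. */
int probe_read(int prot)
{
    long page = sysconf(_SC_PAGESIZE);
    unsigned char *p = mmap(NULL, (size_t)page, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    p[0] = 0x41;                            /* constructed sample value */
    if (mprotect(p, (size_t)page, prot) != 0) {
        munmap(p, (size_t)page);
        return -1;
    }
    pid_t pid = fork();
    if (pid == 0) {                         /* child: attempt the access */
        struct rlimit no_core = {0, 0};
        setrlimit(RLIMIT_CORE, &no_core);   /* avoid leaving a core file */
        volatile unsigned char v = *(volatile unsigned char *)p;
        _exit(v == 0x41 ? 0 : 1);
    }
    int status = 0;
    int waited = (pid > 0 && waitpid(pid, &status, 0) == pid);
    munmap(p, (size_t)page);
    if (!waited)
        return -1;
    if (WIFSIGNALED(status))                /* exception raised, child halted */
        return WTERMSIG(status);
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    printf("read with PROT_READ: result %d\n", probe_read(PROT_READ));
    printf("read with PROT_NONE: result %d (SIGSEGV is %d)\n",
           probe_read(PROT_NONE), SIGSEGV);
    return 0;
}
```

The second call returns the signal number because the read faults at the permission check and the kernel terminates the child, which is the "exception raised, execution halted" behaviour the paragraph describes.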
What is "Speculative Execution"?
Modern CPUs also use a feature called “speculative execution”, which is a form of pipelining where multiple processing instructions are executed in parallel instead of sequentially. If no issues occur during execution of the instructions, the CPU saves time by having results ready to go as needed instead of having to wait for each instruction to complete before moving on to the next. However, if an exception occurs during the execution of one of the instructions, the instructions that take place after the exception are discarded.