Skip to content

Meltdown and Spectre : CPU vulnerabilities — Explained and Exploited

Notifications You must be signed in to change notification settings

jarmouz/spectre_meltdown

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Meltdown and Spectre : CPU vulnerabilities — Explained and Exploited

Systems Affected :

CPU hardware implementations

Description :

Meltdown and Spectre are the names of two serious security flaws that have been found within computer processors. They could allow hackers to steal sensitive data without users knowing, one of them affecting chips made as far back as 1995.

What are Meltdown and Spectre ?

Meltdown is a security flaw that could allow hackers to bypass the hardware barrier between applications run by users and the computer’s core memory, which is normally highly protected. Spectre is slightly different. It potentially allows hackers to trick otherwise error-free applications into giving up secret information.

Exploitation : [for test purposes only]

This test is conducted on a machine with the following CPU architecture :

alt text

Spectre CVE-2017–5753 and CVE-2017–5715 :

PoC from Spectre Attacks: Exploiting Speculative Execution (https://spectreattack.com/spectre.pdf) :

  • Download Spectre code from github
  • Compile the C program with : gcc spectre.c

alt text

  • Execute a.out with : ./a.out

alt text

Meltdown CVE 2017–5754 :

alt text

I am affected ?

A big thanks for @speed47

https://github.com/speed47/spectre-meltdown-checker

alt text

References :

Contact :

Detection :

My article Link :

About

Meltdown and Spectre : CPU vulnerabilities — Explained and Exploited

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published