KERNEL MEMORY ISSUE: Meltdown / Spectre NZ

You may be aware of the global Kernel Memory Leakage vulnerabilities affecting CPU vendors, which were announced to the public late last week by international media.
Our upstream provider is working on this and has outlined what you need to know below. They are actively working with their hardware vendors and operating system vendors to assess impact and remedial action.

What is the issue?
On January 4th, it was announced in the media (theregister.co.uk) that numerous industry-wide vulnerabilities relating to Kernel Memory Leakage, known as Meltdown and Spectre, had been identified in Intel, ARM and AMD (alleged) CPUs. These vulnerabilities impact all compute running Windows, Linux and macOS operating systems (including server OS), and will require a patch to address the issue. They allow rogue or malicious applications to use side-channel exploits to read data stored in a computer's system memory. The impact of the operating system patches on operating system performance is not yet known; however, our upstream providers will continue to monitor our platforms and make the necessary adjustments where needed.

Am I affected by the vulnerability?

Yes. This is a global issue with CPU chipsets. The full extent of the impact is yet to be established. Right now, our upstream provider is doing everything possible by working with their vendors to rectify and remedy the known vulnerabilities.

What could be leaked?
If your system is affected by a malicious application, an exploit could read the memory content of the host server. This may include passwords and sensitive data stored on the system.
An attacker able to execute code with user privileges can gain access to data in memory space, thus bypassing KASLR (kernel address space layout randomization). KASLR is a defence mechanism used by various operating systems to place components of the kernel in randomized locations in virtual memory.

Which systems are affected?
Desktop, laptop, and cloud computers may be affected by Meltdown/Spectre. More technically, every Intel (and potentially ARM and AMD) processor which implements out-of-order execution is potentially affected. This is effectively every processor manufactured since 1995 (except Intel Itanium and Intel Atom before 2013).
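
On Linux hosts, one way to check whether the running kernel reports the Meltdown and Spectre fixes is shown below. It is an added example, not from the original post or the upstream provider. Kernels that include the fixes expose one status line per issue under /sys/devices/system/cpu/vulnerabilities/; the verdict labels, function names and the VULN_DIR override are this example's own.

```shell
#!/bin/sh
# Added example: classify the status lines Linux reports for
# Meltdown / Spectre. Verdict labels are this example's own naming.

# Map one kernel status line to a verdict.
classify_status() {
    case "$1" in
        "Not affected"*) echo "not_affected" ;;
        "Mitigation:"*)  echo "mitigated" ;;
        "Vulnerable"*)   echo "vulnerable" ;;
        *)               echo "unknown" ;;
    esac
}

# Print "<issue> TAB <verdict> TAB <raw status>" for directory $1.
report() {
    dir=$1
    for name in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$name" ]; then
            status=$(cat "$dir/$name")
            printf '%s\t%s\t%s\n' "$name" \
                "$(classify_status "$status")" "$status"
        else
            # No file: the kernel predates this reporting interface,
            # so treat the host as unpatched until shown otherwise.
            printf '%s\t%s\t%s\n' "$name" "unreported" "-"
        fi
    done
}

# For monitoring: succeeds only if every issue is mitigated or
# reported as not affecting this CPU.
all_clear() {
    report "$1" | awk -F'\t' \
        '$2 != "mitigated" && $2 != "not_affected" { bad = 1 }
         END { exit bad + 0 }'
}

# VULN_DIR (hypothetical override) lets the check run against a copy
# of the files collected from another host.
report "${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"
```

An "unreported" result means the kernel is too old to expose the status files, so it should be handled the same way as "vulnerable" when deciding which hosts still need the operating system patch.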

What is the difference between Meltdown and Spectre?
Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. Consequently, applications can access system memory. Spectre tricks other applications into accessing arbitrary locations in their memory. Both attacks use side channels to obtain the information from the accessed memory location.

  • Meltdown is Intel-only and takes advantage of a privilege escalation flaw allowing kernel memory access from user space, meaning any secret a computer is protecting (even in the kernel) is available to any user able to execute code on the system.
  • Spectre applies to Intel, ARM, and AMD processors and works by tricking processors into executing instructions they should not have been able to, granting access to sensitive information in other applications’ memory space.

Is there more technical information about Meltdown and Spectre?
Yes, there is an academic paper and a blog post about Meltdown, and an academic paper about Spectre. Furthermore, there is a Google Project Zero blog entry about both vulnerabilities.
