PC Engines Home
About Spectre and Meltdown vulnerabilities
Meltdown This vulnerability seems to be specific to Intel processors. See Wikipedia for a good summary.
Spectre This vulnerability can be exploited on many modern processors. See Wikipedia for a good summary.
AMD statement ? AMD has provided this semi-informative update on these issues.

In my opinion, AMD CPUs are probably safe against the Meltdown vulnerability. The Spectre attack can probably be made to work on just about any modern CPU.

Spectre pseudocode
uncache a;			// get variable a out of L1 data cache
trick_branchcache;		// do whatever it takes to get speculative execution to run
				// the following code
if not_true then
  x=[kernel_memory];		// read memory that does not belong to us - normally this would
				// cause a fault, but exceptions caused by a speculative branch
				// will not be triggered, just the results discarded
  if (x and mask) then
    y:=a;			// if a data bit in x is set, read variable a. 
				// as a side effect, variable a will end up in L1 data cache again.
end;				
start:=readtsr;			// get high resolution time stamp
z:=a;				// read variable a
stop:=readtsr;			// another time stamp

Based on the timing of the read of variable a, we can deduce whether the kernel memory data bit was set or not. The process is probably not 100% reliable, but with a bit of retries we should be able to get at data we should not see.

This attack is not easy to prevent by CPU design, at least not without incurring a performance penalty.

Proof of concept code https://github.com/crozone/SpectrePoC - also demonstrated on the AMD CPU used on our boards.
OS update ? The operating system can be reengineered to separate address spaces more clearly. This will cause a performance hit. Another option would be to make access to the CPU time stamp register a privileged operation.
Software update ? At the Javascript or similar level, interpreters could deny access to high resolution timing data.
BIOS update ? Nothing the BIOS can do, the vulnerability must be handled at the OS level.
© 2002-2018 PC Engines GmbH. All rights reserved .