Important information on Meltdown and Spectre
Vulnerability of Speculative Processors to Cache Timing Side-Channel Mechanism
Based on the recent research findings from Google on the potential new cache timing side-channels exploiting processor speculation also known as Spectre and Meltdown, we have comprised an overview of affected product and recommendations to mitigate the issue.
Cache timing side-channels are a well-understood concept in the area of security research and therefore not a new finding. However, this side-channel mechanism could enable someone to potentially extract some information that otherwise would not be accessible to software from processors that are performing as designed.
What are the attack mechanisms?
There are three main variants of the exploits, as detailed by Google in their blogpost, that explain in detail the mechanisms:
- Variant 1: bounds check bypass (CVE-2017-5753)
- Variant 2: branch target injection (CVE-2017-5715)
- Variant 1: rogue data cache load (CVE-2017-5754)
The basic difference between Spectre and Meltdown is that Spectre can be used to manipulate a process into revealing its own data. On the other hand, Meltdown can be used to read privileged memory in a process's address space which even the process itself would normally be unable to access (this includes data belonging to the kernel or other processes).
What Beijer Electronics products are affected?
Above information and a list of active Beijer products that are affected can be found here: