Simple explanation of the "Meltdown" vulnerability affecting almost every computer EXCEPT the one you can buy for $5

A truly great article from Eben Upton, founder of Raspberry Pi, offers a simple explanation for the basis of the Meltdown vulnerability. Well worth the read.

Oh, and that Raspberry Pi Zero single board computer you can buy for $5 is immune.

Bottom line: simplicity may not be better, but it is safer.

In a nutshell: common techniques to make processors faster have side-effects that are not directly observable. By indirectly measuring the presence/absence of the side effect, one can infer the content of protected memory.

Slightly more detail: "speculative execution" is technique whereby a processor will execute the body of a conditional statement ("if-then") before it determines whether the condition is true. This speculative execution happens in a sort of "alternative universe" that will be discarded should the condition turn out to be false. No harm, no foul.

The second technique is "caching": to speed up execution, processors may save frequently used data in fast, on-chip "cache" memory to avoid the time penalty of accessing slower, off-chip memory.

The Meltdown vulnerability is based on the speculative execution of a piece of code which accesses one of two possible pieces of unprotected memory. The determination of which of these two pieces to access is based on the content of protected memory. Whichever piece is accessed winds up in the cache.

So even though the result of the speculatively executed code is discarded, and the protected memory is not directly visible, by measuring the time to access the two pieces of unprotected memory (to determine which has been cached) one can deduce the content of protected memory.

#Meltdown, #Spectre, #CyberSecurity, #infosec