CPU Vulnerability Can Allow Attackers to Read Privileged Kernel Memory and Leak Data

A hardware vulnerability, discovered independently by researchers from academia and Google, underscores a microprocessor flaw that, if exploited, could allow an attacker to read data from privileged kernel memory.

 

This vulnerability is considered an important flaw for complex infrastructures and cloud deployments and must be addressed to prevent potential future impact.

Since this flaw impacts all modern microprocessors, it can affect any device that uses them, including multiple operating systems running on mobile devices, laptops, workstations and servers.

It is important to note that to exploit this vulnerability, a malicious actor would need to execute untrusted code on the physical system or on a virtual machine linked to that system. This may include running content from webpages loaded in web browsers or accessed through mobile apps.

One Flaw, Three Variations

The flaw has three technical variations which were attributed three separate CVEs. Researchers have named two of them “spectre” and one of them “melt down.” Each of those could result in:

• Privilege escalation
• Data leakage from privileged kernel memory
• Patching may result performance degradation

Continue reading this blog post here