A Simple Explanation of the Differences Between Meltdown and Spectre




Many people have pinged me asking for a dead-simple explanation of the differences (and similarities) between these two attacks. Here’s an extremely basic summary:

Meltdown is Intel-only and takes advantage of a privilege escalation flaw allowing kernel memory access from user space, meaning any secret a computer is protecting (even in the kernel) is available to any user able to execute programs on the system.

Spectre applies to Intel, ARM, and AMD processors and works by tricking processors into executing instructions they should not have, granting access to sensitive information in other applications’ memory space.

There are software patches for both Meltdown and Spectre, but they’re more straightforward for Meltdown. The mitigation story will continue to evolve as time passes, and will include hardware and firmware updates eventually.

The major risk consideration here is whether you have multiple users sharing a single CPU. (I say “multiple users” here as a reference to entities who might attack one another. You can actually use these attacks to read content from any application even if you only have a single user.)

This means regular systems with multiple accounts, virtualization environments, and cloud. Your risk will be different depending on the hardware platforms used, the operating systems running on those platforms, and your various patch levels at any given time, but the basic concept for these two attacks is that you should consider secrets to be attackable on multi-user systems that share a CPU.
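Because your exposure depends on hardware, OS and patch level, the practical first step is to ask the kernel what it thinks. The script below is an added example, not code from the original post: it reads the per-issue status files that Linux 4.15 and later expose under /sys/devices/system/cpu/vulnerabilities/ (meltdown, spectre_v1, spectre_v2 and, on newer kernels, others), classifies each line as not affected, mitigated or vulnerable, and lists what is still unmitigated. The sysfs path and the three line shapes are real kernel behaviour; the SAMPLE_STATUS values are constructed so the logic runs on a machine without that directory.

```python
"""Summarise a host's Meltdown/Spectre mitigation status from sysfs.

Linux (4.15+) publishes one short text file per CPU issue under
/sys/devices/system/cpu/vulnerabilities/. Each file holds a line of one of
three shapes:
    "Not affected"                     hardware is not vulnerable
    "Mitigation: <details>"            vulnerable, but a mitigation is active
    "Vulnerable" / "Vulnerable: <d>"   no effective mitigation in place
When the directory is absent (non-Linux host, old kernel) the script falls
back to constructed sample data so the classification logic still runs.
"""
from __future__ import annotations

from dataclasses import dataclass
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# Constructed sample statuses in the kernel's own format; these are NOT
# readings from a real machine, they exist so the example runs offline.
SAMPLE_STATUS = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: __user pointer sanitization",
    "spectre_v2": "Vulnerable",
}


@dataclass(frozen=True)
class Finding:
    name: str
    state: str    # "not_affected", "mitigated", "vulnerable" or "unknown"
    detail: str   # text after the colon, if the kernel supplied any


def classify(name: str, raw: str) -> Finding:
    """Map one sysfs status line to a coarse state plus its detail text."""
    text = raw.strip()
    head, _, detail = text.partition(":")
    head = head.strip().lower()
    detail = detail.strip()
    if head == "not affected":
        return Finding(name, "not_affected", detail)
    if head == "mitigation":
        return Finding(name, "mitigated", detail)
    if head == "vulnerable":
        return Finding(name, "vulnerable", detail)
    # Unrecognised wording (e.g. a newer kernel): surface it rather than guess.
    return Finding(name, "unknown", text)


def read_sysfs(directory: Path = SYSFS_DIR) -> dict[str, str]:
    """Return {issue_name: status_line} from sysfs, or {} if unavailable."""
    if not directory.is_dir():
        return {}
    statuses: dict[str, str] = {}
    for entry in sorted(directory.iterdir()):
        try:
            statuses[entry.name] = entry.read_text(encoding="utf-8").strip()
        except OSError:
            continue  # unreadable entry; skip rather than abort the report
    return statuses


def assess(statuses: dict[str, str]) -> list[Finding]:
    """Classify every reported issue, in a stable (sorted) order."""
    return [classify(name, line) for name, line in sorted(statuses.items())]


def unmitigated(findings: list[Finding]) -> list[str]:
    """Names of the issues the kernel reports as still exploitable."""
    return [f.name for f in findings if f.state == "vulnerable"]


def main() -> None:
    statuses = read_sysfs()
    source = "sysfs"
    if not statuses:
        statuses, source = SAMPLE_STATUS, "constructed sample"
    findings = assess(statuses)
    print(f"Status source: {source}")
    for f in findings:
        print(f"{f.name:14} {f.state:13} {f.detail}")
    bad = unmitigated(findings)
    print("Unmitigated:", ", ".join(bad) if bad else "none")


if __name__ == "__main__":
    main()
```

Run it as root or as any user (the files are world-readable) on each host, hypervisor and guest you care about; a "mitigated" line only tells you the kernel's own mitigation is on, so firmware and microcode updates still need to be tracked separately, as the post notes.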



In short, both Meltdown and Spectre allow low-privilege users to read sensitive information from memory on the same system via Speculative Execution. The difference is that Meltdown takes advantage of a specific Intel privilege escalation issue to do this, while Spectre uses the combination of Speculative Execution and Branch Prediction. Both issues can be addressed with software patches, but this is more effective for Meltdown than Spectre.



Notes


The Meltdown Paper.
The Spectre Paper.
If you see any flaws in this simplification, please let me know so that I can correct them.






Stay curious,


Daniel

Published on January 03, 2018 16:08
Daniel Miessler's Blog