Skip to main content

Home Meltdown vulnerability

Meltdown vulnerability

Meltdown vulnerability definition

Meltdown is a vulnerability that affects microprocessors in modern computers, allowing unauthorized access to sensitive data stored on the device. It was first discovered in early 2018 by security researchers from Google's Project Zero, Cyberus Technology, and Graz University of Technology.

See also: ARM processor

How Meltdown works

  • Speculative execution. The vulnerability lies in a technique called speculative execution, which processors use to optimize performance by predicting and executing future instructions in advance. Usually, during speculative execution, the processor predicts the outcome of a conditional branch instruction and speculatively executes subsequent instructions based on that prediction. If the prediction is correct, the processor saves time by having the instructions already executed and ready for use. However, if the prediction is incorrect, the processor discards the speculative results.
  • Speculative execution window. The attacker runs malicious code on the target system, and it triggers a conditional branch instruction that should not normally be executed. However, due to speculative execution, the processor begins running the subsequent instructions speculatively, including accessing memory locations that should be inaccessible.
  • Unauthorized data access. As the speculative execution continues, the processor fetches and temporarily stores the contents of memory locations that the attacker's code shouldn't have access to. This includes all kinds of data, including passwords, encryption keys, and other sensitive information.
  • Side channel attack. Although the processor should discard the speculatively executed instructions and the accessed data if the branch prediction was incorrect, a side channel attack is used to retrieve this information before it is discarded. By carefully timing and monitoring the processor's behavior, the attacker can download the contents from the accessed memory.