Spectre and meltdown are two processor level vulnerabilities. The Intel-specific vulnerability hasbeen called Meltdown, while the other vulnerability is spectre which is not anintel- specific vulnerability but affects all other chip makers as well, thoughspectre is a vulnerability that can be called more serious as it’s rooted infundamental processor design flaws these two vulnerabilities area result of a change in processing that was supposed to increase the speed ofthe processor the processors are made to anticipate what the users are going todo next and do calculations according to the input in the background, thus therelevant details are displayed as an output this process is called speculativeexecution, this system seems faster to the user.
Kernels in operating systems havecomplete control over the entire system, and connect applications to the processorand the memory. Due to this speculative execution the programs can go throughthe kernel access protections allowing regular apps to read the information ofkernel memory Sensitive information such as passwords caneasily be accessed. Linux programmers are coming up with asolution which separates the kernels memory away from user processes this isnow being called the kernel page table isolation.The problem with the bug fixes isthat this will result in a slowdown from about 5% to 30% depending upon the Intelprocessors while linux patches have been coming out in the past months awindows 10 fix is still not available. This has become a major concern as thesevulnerabilities have been around for about 20 years, allowing programmers to gain access to data all these years, there is no way to know how muchdata has been acquired through these vulnerabilities.The long term fix for these problems wouldhappen at the processor level, and that is possible only when the nextgeneration of processors come out and are developed to eliminate this loopholein the first place. Till then it is quite important t keep updating systemswith these systems as soon as possible. But it’s quite likely that the nextgeneration processors will be slower then the ones that have been releasedrecently.
With the digital world we live in it is necessary we stay vigilant asto make sure that we are safe from such threats.
