Introduction to Meltdown/Spectre:
There has been a lot of talk on the internet recently about the IT buzzwords “Meltdown” and “Spectre”. These vulnerabilities are exploited by making the CPU execute instructions and then determining data from memory based on execution time. The processor feature behind this is called speculative execution.
For a more in-depth understanding of how Meltdown and Spectre work, have a look at Bert Hubert’s deep-dive explanation.
These vulnerabilities are the result of a design flaw in modern processors that could potentially allow hackers to eavesdrop on or read sensitive data belonging to other applications running on a shared server or hypervisor.
What are the differences between Meltdown and Spectre?
The key differences are:
- Meltdown can read the kernel memory on the operating system.
- Spectre can read kernel memory on the host hardware including the Virtual Machines and the Hypervisor itself.
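Because Meltdown and Spectre are separate issues with separate fixes, patch status has to be confirmed for each one. The following is an added example, not part of the original article: it assumes a Linux host whose kernel reports mitigation state under `/sys/devices/system/cpu/vulnerabilities`, the function names are illustrative, and the sample lines are constructed in the kernel's "Not affected" / "Vulnerable" / "Mitigation: ..." format.

```python
"""Classify the Linux kernel's per-vulnerability mitigation status lines."""
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
# Entries relevant to this article; the kernel exposes others in the same directory.
ARTICLE_ISSUES = ("meltdown", "spectre_v1", "spectre_v2")

# Constructed sample lines, used when the sysfs directory is not present.
SAMPLE = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Mitigation: __user pointer sanitization\n",
    "spectre_v2": "Vulnerable: Minimal generic ASM retpoline\n",
}

def classify(status):
    """Map one status line to NOT_AFFECTED, MITIGATED, PARTIAL, VULNERABLE or UNKNOWN."""
    lower = status.strip().lower()
    if lower.startswith("not affected"):
        return "NOT_AFFECTED"
    if lower.startswith("vulnerable"):
        return "VULNERABLE"
    if lower.startswith("mitigation:"):
        # e.g. "...; SMT vulnerable": a mitigation is active but a gap remains.
        return "PARTIAL" if "vulnerable" in lower else "MITIGATED"
    return "UNKNOWN"

def read_from_sysfs(name):
    """Return the raw status line, or None when the kernel does not report it."""
    try:
        return (SYSFS_DIR / name).read_text()
    except OSError:
        return None

def audit(read_status, issues=ARTICLE_ISSUES):
    """Build {issue: (state, raw_line)} using read_status(name) -> str or None."""
    report = {}
    for name in issues:
        raw = read_status(name)
        # A missing file means patch state cannot be confirmed from sysfs.
        report[name] = ("UNREPORTED", "") if raw is None else (classify(raw), raw.strip())
    return report

def needs_attention(report):
    """Issues that are neither mitigated nor reported as not affecting this CPU."""
    ok = {"NOT_AFFECTED", "MITIGATED"}
    return sorted(name for name, (state, _) in report.items() if state not in ok)

if __name__ == "__main__":
    result = audit(read_from_sysfs if SYSFS_DIR.is_dir() else SAMPLE.get)
    for issue, (state, raw) in result.items():
        print(f"{issue:12} {state:12} {raw}")
    print("needs attention:", needs_attention(result) or "none")
```

Inside a virtual machine this reports the guest kernel's view only; the hypervisor underneath has to be patched and checked separately.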
Impact for businesses
The biggest impact to business is the additional CPU utilisation after patching the vulnerabilities. This could have a significant impact on virtual desktop infrastructure or on resource-intensive applications such as SQL. Geekwire stated: “The two vulnerabilities take advantage of a 20-year-old design flaw in modern processors can be “mitigated,” the word we’re apparently using to describe this new world in 2018 where servers became somewhere around ten to 20 percent less effective for several common workloads.”
The #Meltdown patch (presumably) being applied to the underlying AWS EC2 hypervisor on some of our production Kafka brokers [d2.xlarge]. Ranges from 5-20% relative CPU increase. Ooof. pic.twitter.com/fXM0OzfdKx
— Ian Chan (@chanian) January 6, 2018
There are other factors which should be considered:
- The vulnerability does not just impact performance but also user experience.
- Patches are continuing to be created and tested.
- Antivirus must support the fix.
- Known applications have been reported to have issues after the currently released hotfixes.
References:
- BBC – how chip hack works
- BBC – Meltdown fix can make some machines slower
- VMware sticks finger in Meltdown/Spectre dike for virtual appliances
- Geekwire – A week later, the long-term impact of the Meltdown and Spectre chip flaws is starting to become clearer