Editing cve/cve-2017-5754

{{cve title|CVE-2017-5754 (Meltdown, Variant 3)}}
[[File:meltdown-text.svg|125px|right]]
'''[[cve id::CVE-2017-5754]]''' ('''Meltdown''', '''Variant 3''', '''Rogue Data Cache Load''') is a [[microprocessor]] vulnerability that allows an attacker to overcome all memory isolation mechanisms offered by the microprocessor by causing it to [[speculatively execute]] code [[out-of-order]] that loads inaccessible information which end up changing the cache state of the [[microarchitecture]], thereby leaking information through [[side-channel analysis|side-channel timing analysis]].

== Overview ==
''Rogue Data Cache Load'' leverages the [[speculative execution]] [[out-of-order]] behavior of the [[microprocessor]] in order to cause some code to expose more information than intended. Specifically, Meltdown breaks the basic memory isolation assumptions that's used by the operating system to manage the virtual memory of each process.

Consider the following code.

<source lang=C>
char val = *(char *)0xAAAAA;
</source>

When executed, this line will likely cause a [[segmentation fault]] due an access restriction violation. Meltdown demonstrated that while the fault is being handled by the operating system (in an elevated supervisor mode), the microprocessor can continue to execute subsequent code [[out-of-order]] under [[speculative execution|the assumption]] that this is the right path. More-so, Meltdown demonstrated that this code can be executed as supervisor, thereby reading potentially memory it should not have access to. A carefully crafted piece of code by an attacker can be used in a way similar to {{cve|cve-2017-5753|Spectre Variant 1}} to leak any kernel space memory.

== Example ==
Consider the following (simplified) code.

<source lang=C>
char probeTable[256] = {0};  /* op 1 */
/* ... */
char val = *(char *)0xAAAAA; /* op 2 */
char temp = probeTable[val]; /* op 3 */
</source>

Consider what happens when operation 2 is executed. The microprocessor will realize that this is an [[access violation]] and the exception will result in a [[context switch]] to the operating system in order to handle the fault. When this happens, the microprocessor will also [[speculative execution|speculatively]] start to execute operation 3 out of order. Meltdown demonstrated that this code can be executed as supervisor, thereby reading potentially memory it should not have access to.

Since <code>probeTable</code> is uncached, the code that executed cause a [[cache miss]], resulting the microprocessor going and grabbing the value from [[main memory]]. Meanwhile, the operating system will likely kill the process the for the invalid memory access.

Although the code has been terminated and the architectural state of the machine has been restored, the state of the microarchitecture has changed. If an attacker is running a second process (e.g., a parent process), then <code>probeTable[]</code> can be used in conjunction with a [[side-channel analysis]] timing attack, to determine the value of <code>byte</code> in <code>probeTable[byte]</code>. Since <code>probeTable</code> was initially uncached, the only element in <code>probeTable</code> that is [[cached]] is the secrete byte stored in <code>*(char *)0xAAAAA</code>.

This method can then be used repeatedly to read a larger part of memory.

== Affected Processors ==
Below is a list of known affected processors, alphabetized. This is '''NOT''' en exhaustive list but rather the once we were able to verify!

{| class="wikitable"
|-
! colspan="3" | List of Processors affected by Meltdown
|-
! Designer !! Processor/Architecture !! Related Notes
|-
| rowspan="6" | [[Apple]] || {{apple|Swift|l=arch}} ({{apple|A6}}/{{apple|A6X}}) || rowspan="6" | [https://support.apple.com/en-us/HT201222 Post]<br>[https://support.apple.com/en-us/HT208331 Post]
|-
| {{apple|Cyclone|l=arch}} ({{apple|A7}})
|-
| {{apple|Typhoon|l=arch}} ({{apple|A8}}/{{apple|A8X}})
|-
| {{apple|Twister|l=arch}} ({{apple|A9}}/{{apple|A9X}})
|-
| {{apple|Hurricane|l=arch}} ({{apple|A10}}/{{apple|A10X}})
|-
| {{apple|Monsoon|l=arch}} ({{apple|A11}}/{{apple|A11X}})
|-
| rowspan="4" | [[ARM Holdings|ARM]] || {{armh|Cortex-A15|l=arch}} || rowspan="10" | [https://developer.arm.com/support/security-update Post]
|-
| {{armh|Cortex-A57|l=arch}}
|-
| {{armh|Cortex-A72|l=arch}}
|-
| {{armh|Cortex-A75|l=arch}}
|}
{{expand list}}

== Proof-of-Concept ==
* Meltdown Proof-of-Concept - https://github.com/IAIK/meltdown

== See also ==
* {{cve|CVE-2017-5753}}, Spectre, Variant 1
* {{cve|CVE-2017-5715}}, Spectre, Variant 2

== References ==
* Lipp, Moritz, et al. "[https://arxiv.org/abs/1801.01207 Meltdown]." arXiv preprint arXiv:1801.01207 (2018).
* "CVE-2017-5754", https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5754

== Documents ==
* [[:File:intel-ref-336983-001.pdf|White Paper: Intel Analysis of Speculative Execution Side Channels]] 

[[category:cve]]
@@ Line 12: / Line 12: @@
 </source>
-When executed, this line will likely cause a [[segmentation fault]] due an access restriction violation. However, the microprocessor can continue to execute subsequent code [[out-of-order]] while memory reference is being resolved (including TLB lookup and page table walk, if necessary) - processor does not wait for it to complete. In Meltdown-affected processors, the speculative execution happens even if data reference points to an existing, but privileged memory area - the "val" is speculatively available to subsequent speculative instructions.
+When executed, this line will likely cause a [[segmentation fault]] due an access restriction violation. Meltdown demonstrated that while the fault is being handled by the operating system (in an elevated supervisor mode), the microprocessor can continue to execute subsequent code [[out-of-order]] under [[speculative execution|the assumption]] that this is the right path. More-so, Meltdown demonstrated that this code can be executed as supervisor, thereby reading potentially memory it should not have access to. A carefully crafted piece of code by an attacker can be used in a way similar to {{cve|cve-2017-5753|Spectre Variant 1}} to leak any kernel space memory.
 == Example ==
@@ Line 24: / Line 24: @@
 </source>
-Consider what happens when operation 2 is executed. The microprocessor performs the load. If address 0xAAAAA points to OS kernel data, access will not be allowed - but this can only be known after page tables are examined. While this happens, the microprocessor will [[speculative execution|speculatively]] execute op 3 while memory load in op 2 did not reach the retire stage. When op 2 is retired, exception is raised and speculative execution results are dropped.
+Consider what happens when operation 2 is executed. The microprocessor will realize that this is an [[access violation]] and the exception will result in a [[context switch]] to the operating system in order to handle the fault. When this happens, the microprocessor will also [[speculative execution|speculatively]] start to execute operation 3 out of order. Meltdown demonstrated that this code can be executed as supervisor, thereby reading potentially memory it should not have access to.
-However, if <code>probeTable</code> was uncached, the code in op 3 caused a [[cache miss]], resulting the microprocessor going and grabbing the value from [[main memory]]. By measuring time to read each probeTable[i] element, we can determine which element is cached now. From this, we can infer the value of "val".
+Since <code>probeTable</code> is uncached, the code that executed cause a [[cache miss]], resulting the microprocessor going and grabbing the value from [[main memory]]. Meanwhile, the operating system will likely kill the process the for the invalid memory access.
+Although the code has been terminated and the architectural state of the machine has been restored, the state of the microarchitecture has changed. If an attacker is running a second process (e.g., a parent process), then <code>probeTable[]</code> can be used in conjunction with a [[side-channel analysis]] timing attack, to determine the value of <code>byte</code> in <code>probeTable[byte]</code>. Since <code>probeTable</code> was initially uncached, the only element in <code>probeTable</code> that is [[cached]] is the secrete byte stored in <code>*(char *)0xAAAAA</code>.
 This method can then be used repeatedly to read a larger part of memory.
 == Affected Processors ==
-Below is a list of known affected processors, alphabetized. This is '''NOT''' en exhaustive list but rather the ones we were able to verify.
+Below is a list of known affected processors, alphabetized. This is '''NOT''' en exhaustive list but rather the once we were able to verify!
 {| class="wikitable"
@@ Line 51: / Line 53: @@
 | {{apple|Monsoon|l=arch}} ({{apple|A11}}/{{apple|A11X}})
 |-
-| rowspan="4" | [[ARM Holdings|ARM]] || {{armh|Cortex-A15|l=arch}} || rowspan="4" | [https://developer.arm.com/support/security-update Post]
+| rowspan="4" | [[ARM Holdings|ARM]] || {{armh|Cortex-A15|l=arch}} || rowspan="10" | [https://developer.arm.com/support/security-update Post]
 |-
 | {{armh|Cortex-A57|l=arch}}
@@ Line 58: / Line 60: @@
 |-
 | {{armh|Cortex-A75|l=arch}}
-|-
-| rowspan="9" | [[Intel]] || {{intel|Nehalem|l=arch}} || rowspan="2" |
-|-
-| {{intel|Westmere|l=arch}}
-|-
-|{{intel|Sandy Bridge|l=arch}} || rowspan="7" | [https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr Post]
-|-
-| {{intel|Ivy Bridge|l=arch}}
-|-
-| {{intel|Haswell|l=arch}}
-|-
-| {{intel|Broadwell|l=arch}}
-|-
-| {{intel|Skylake|l=arch}}
-|-
-| {{intel|Kaby Lake|l=arch}}
-|-
-| {{intel|Coffee Lake|l=arch}}
 |}
 {{expand list}}