www.belgium.be Logo of the federal government

Reference: CERT.be Advisory #2018-001
Version: 2.0
Affected systems: [CPUs (Intel, AMD, Qualcomm), architectures: x86, x86_64, ARM]
Type: CPU hardware vulnerable to side-channel attacks


Two new side-channel based attacks, dubbed Meltdown and Spectre, affect the main CPU architectures. While Spectre affects all three major chip makers (Intel, AMD and ARM), AMD claims their processors are immune to Meltdown.

To achieve high performance, modern processors implement several optimization techniques such as out-of-order execution (used in Meltdown) or branch prediction (used in Spectre). These mechanisms have side-effects that can be leveraged by attackers to:
• read the content of private kernel memory (Meltdown)
• access information about other processes, including a virtual machine’s host operating system (Spectre).The issue comes from hardware design choices, and any workaround will have to come at the operating system level.

Systems affected by Meltdown

  • Researchers successfully conducted exploitation on Intel processors. Exploitation on other systems is currently unknown; the research paper doesn’t discard this possibility.

  • Desktops, laptops and handheld Intel CPU based devices are all affected.


Systems affected by Spectre

  • Most devices using Intel, AMD or ARM A75 based processors are affected.


For both vulnerabilities, exploitation can provide access to non-authorized memory pages (user and kernel level).
For both vulnerabilities, the most exposed systems are cloud providers because they present a larger attack surface. The risk for the general public is much lower.
Researchers of the Spectre vulnerability have been able to exploit it using Javascript code. This makes browser-based exploitation of Spectre possible.
Some systems can be vulnerable to both.


Currently, researchers have identified three vulnerabilities:

  • CVE-2017-5715
  • CVE-2017-5753
  • CVE-2017-5754

Devices that are affected:

  • • Servers
    • Workstations
    • Laptops
    • Cell phones
    • Tablets
    • Smart TVs
    • IoT devices
    • Other devices with affected CPUs