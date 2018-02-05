This blog reviews the details of Meltdown and discusses the inherent immunity for end users provided by Bromium’s architecture.

Meltdown is an Intel CPU vulnerability leveraging speculative execution which gives an attacker-controlled process the ability to read arbitrary memory belonging to the kernel.

Although it doesn’t allow for an attacker to directly take control of the kernel, there is enough sensitive information residing within kernel memory (password hashes, bitlocker keys ect.) that this presents a direct threat to the end user’s security.

In an upcoming blog post, I will discuss Meltdown’s brother, Spectre, and show how Bromium mitigates likely Spectre attacks. I’ll explain the steps we have taken in response to harden the Bromium hypervisor against possible future Spectre attacks.

What follows is a technical summary – or anatomy – of Meltdown and how it works. It’s important to know that we don’t believe Bromium customers are risk from Meltdown because of how we do application isolation that’s hardware enforced. There’s more on this at the end of the blog. So let’s get started with a short review.

Key Concepts that Define Meltdown

Virtual memory vs physical memory.

For reasons of both security and storage optimization, a process’s memory as it sees it doesn’t map directly to the physical memory. Rather the process’s virtual memory is translated via page tables managed by the CPU to a physical offset in memory. Since the mapping of the user space memory of each process in the system should not generally overlap (with the exception of shared libraries and memory segments designed with this in mind), this precludes the ability of one process to directly read sensitive data from the user space memory of another.

