Meltdown and Spectre

by Seth Noble |  Blog |  Jan 08, 2018

Recently announced security vulnerabilities (CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754) are believed to impact nearly all CPU hardware produced in the past decade.  These vulnerabilities may permit a malicious application running on affected hardware to access in-memory data that it would otherwise be prohibited from accessing.  Because the flaws exist in hardware, the short-term fix is to patch operating systems to make it more difficult for all applications to access sensitive memory.  This has the side effect of increasing overhead for some common tasks.  The effect this will have on application performance is not yet known.

No exploits are known to be active, the vulnerabilities cannot be remotely exploited, and the vulnerabilities are currently rated "medium" severity (5.6 out of 10 CVSS Severity score).  Because of the widespread deployment of the affected hardware, this matter is receiving widespread attention.

Data Expedition, Inc. does not produce hardware or operating systems, so our products are not affected by the vulnerabilities themselves.  However, the performance degradation caused by patches from operating system vendors may reduce the maximum network speed of DEI software, particularly on low-end systems.

Operating system vendors are only just now releasing patches and those patches are likely to be revised as their performance impact becomes better understood.  Our advice to customers is to carefully measure the maximum performance of DEI software on your systems before and after installing any patches.  If you observe a significant impact, please contact us with the details so that we can work with you to ensure that you continue to get the performance you need.

The following article provides a good summary of the vulnerabilities and their potential security, performance, and legal impacts: Understanding The Meltdown And Spectre Exploits: Intel, AMD, ARM, And Nvidia.