A high level overview #Meltdown

Leaking data from the core of the operating system to an unprivileged program

The system running on your computer consists of two parts, the operating system (Windows, Linux, Android, MacOS) and the programs you run (Internet Explorer, Firefox, Photoshop, Warcraft, Chrome, Safari, Steam)

Although it’s not easy for the end user to tell the difference apart from many of the built in applications from the core of the operating system but if you interact with it IS an application and this is known as USER SPACE.

That underlying core, known as THE KERNEL, acts as a broker between USER SPACE (the applications) and the actual hardware of the computer. That’s the DISK, NETWORK, WiFi, SCREEN, KEYBOARD, MOUSE etc

In order to keep the KERNEL separate from USER SPACE computer processors (this is the CPU and is a big piece of electronics in the heart of your computer) are designed to have several levels of operation called RINGs. The most important of these are RING0 which is where the KERNEL is supposed to run and RING3 which is where USER SPACE is supposed to run.

In order to improve the speed of your home computer the manufactures have used various methods of trying to predict what program code is going to run next. Unfortunately the techniques used have flaws and it is possible for someone to write a simple program which runs in USER SPACE, this can even run in your web browser, which would allow the owner of a website to access passwords, cryptographic keys (PGP etc), bitcoin, your thumb print or face ID, your bank authentication, etc in the KERNEL.

The software updates being issued by Microsoft, Apple, Linux, etc are effectively working around a fundamental problem with the design of the electronics in computer chips and until the manufacturers resolve these they will exist for years  if not decades to come.

Advertisements