Intel, AMD, Qualcomm, and ARM architecture are all affected. The Spectre family of attacks is documented under CVE-2017-5753 and CVE-2017-5715. Intel is the primary component to Meltdown. Yet, all operating systems built on Intel technologies are potentially a victim. Intel has been producing their defective, yet needed, processors into the market since 2010.
Meltdown exploits side effects of out-of-order execution on modern processors to read arbitrary kernel-memory locations including personal data and passwords. The attack is independent of the operating system and software. Meltdown breaks all the rules of computer security address space, consequently every security mechanism built upon its technology. Operating systems security ensures users and applications are prevented from reading and writing to areas which are not allowed. This is a cornerstone to IT infrastructure user and network management. However, it is violated with Meltdown. Isolation of the kernel memory and users is known by a bit of the processor that defines what can be accessed. Memory is isolated by using virtual memory spaces translated into physical memory, except in Windows 10 which uses page pooling and system cache. Memory isolation allows for the operating system to map the kernel to the address space for every process since CPUS do not use linear instruction streams. However, Meltdown allows overcoming the restrictions by using the user’s credentials. It tailors itself to the user’s software environment. Meltdown runs an out-of-order execution of processes to retrieve the data from memory. This out-of-order or transient processing is when the processor is looking ahead to guess as to what the next step should be. Privileged memory of a side channel can be read and dumped in out-of-order execution stream. Meltdown is the execution of transient instructions and transfer of the microarchitechural state.