With the recently identified major flaws in modern CPUs, all major software and (CPU) hardware companies rushed to provide fixes for their systems as quickly as possible. For more detailed information check out this site, and for a programmer’s view or to test on a Linux system try this.
Since the computer OS (Operating System) kernel space is highly protected (as is any other process space) and isolated from interference by other processes, any breakdown in this isolation will lead to major issues. Quote from the (Meltdown) paper – “The attack is independent of the operating system, and it does not rely on any software vulnerabilities. Meltdown breaks all security assumptions given by address space isolation as well as paravirtualized environments and, thus, every security mechanism building upon this foundation”
The paper also provides details on the scope of the issue, which affects all modern computers/phones!! Quote – “On affected systems, Meltdown enables an adversary to read memory of other processes or virtual machines in the cloud without any permissions or privileges, affecting millions of customers and virtually every user of a personal computer”
(PS: Bold highlighting added by me)
Reading through the paper and looking at the example code snippet below took me back to the days when I did some assembly-level programming on the Intel 8086 series. It was fun, challenging and interesting.
; rcx = kernel address
; rbx = probe array
retry:
mov al, byte [rcx]
shl rax, 0xc
jz retry
mov rbx, qword [rbx + rax]
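To see whether a Linux system has picked up the fixes mentioned at the top, the kernel's own report can be read from sysfs. The script below is an added example, not code from the original post or the paper; it assumes Linux 4.15 or later, which exposes the status under /sys/devices/system/cpu/vulnerabilities/, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: classify what the kernel reports for a CPU vulnerability.
# Assumes Linux 4.15+, where each file under
# /sys/devices/system/cpu/vulnerabilities/ holds one status line:
#   "Not affected", "Vulnerable..." or "Mitigation: <what>" (e.g. "Mitigation: PTI").

# classify_status LINE -> prints not-affected | mitigated | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo "not-affected" ;;
        "Mitigation:"*)  echo "mitigated" ;;
        "Vulnerable"*)   echo "vulnerable" ;;
        *)               echo "unknown" ;;
    esac
}

# check_vuln NAME [DIR] -> prints "NAME: class (raw line)".
# Returns 0 only when the kernel reports not-affected or mitigated.
# DIR is overridable so the check can be run against saved copies of the files.
check_vuln() {
    name=$1
    dir=${2:-/sys/devices/system/cpu/vulnerabilities}
    file="$dir/$name"
    if [ ! -r "$file" ]; then
        # Kernels older than 4.15 have no such file: the status is unknown,
        # which is not the same as safe.
        echo "$name: unknown (no $file)"
        return 1
    fi
    line=""
    # read fails on a file without a trailing newline but still fills $line.
    IFS= read -r line < "$file" || true
    class=$(classify_status "$line")
    echo "$name: $class ($line)"
    case "$class" in
        not-affected|mitigated) return 0 ;;
        *) return 1 ;;
    esac
}

# Report on the running system; never abort the calling shell on a bad status.
check_vuln meltdown || true
```

A result of "unknown" means the kernel predates the sysfs interface and should be treated as unpatched until checked by other means.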