Attacks with speculative execution of the processor is about a route to speculate, that not speculative performance follows. In this case, a kernel function can be included that prevents the code from accessing the end of an array, thereby returning an error. An attack that uses the Specter vulnerability skips this control, which can be used to access data, the code that was specifically written not to access it. The error fix is a note that possibly will damage the system.
By executing malicious code on an affected system, an attacker could read memory contents of other running processes on the same system, such as cached passwords or other private data. The vulnerabilities can only be exploited if an attacker can execute their own code by either starting their own program or injecting malicious code through another vulnerability. The meltdown attack scenario uses the side effects of a technology known as out-of-order execution. The Specter program aims at functions for branch prediction and speculative execution of modern processors.
Affected Systems
Many products use one or more CPUs, especially the SyncFire product families have at least one management CPU and additional CPU cards such as the HPS-100 modules. The management CPU of these products is a Geode embedded microprocessor. AMD as the manufacturer of the CPU has unfortunately not published a detailed list of all CPU models and their status with regard to Specter. Instead, AMD announced that all AMD CPUs are affected by the bounds check bypass vulnerability.
A technical analysis of the AMD processor was carried out by Specter suppliers. Newspapers were informed that with a 100% certainty that the AMD Geode LX is not affected. The CPU does not support speculative execution and the out-of-order execution capabilities of the CPU are only mentioned in relation to the processor in the data sheet.
