CVE

Spectre

Spectre is a vulnerability that can force other programs running on a user's operating system to access arbitrary locations in those programs' memory space.
Spectre is not a single, easily fixed vulnerability but a whole class of potential vulnerabilities. All of them exploit side effects of speculative execution, a technique modern microprocessors commonly use to hide memory latency and speed up execution.
Speculative execution is a class of optimization technique in which a computer system, based on the information currently available, uses otherwise idle time to execute ahead of time instructions that may or may not turn out to be needed.
For example, suppose a program is structured as follows:
  • Download data A from the network (takes 30 seconds).
  • If the download of A succeeds, return A's result directly.
  • If the download of A fails, compute B (takes 30 seconds) and return that result instead.
Without speculative execution, once the download of A finishes and turns out to have failed, another 30 seconds are spent computing B, for a total of 1 minute.
But because the CPU is idle during the download, it can compute B while A is downloading. If B turns out to be needed, 30 seconds are saved; if not, B is simply discarded, and apart from a little extra power consumption there is no harm.

Speculative Processor Vulnerability

There are four main variants of the exploits, as detailed by Google in their blog post, which explains the mechanisms in detail:
  • Variant 1: bounds check bypass (CVE-2017-5753) and bounds check bypass store (CVE-2018-3693)
  • Variant 2: branch target injection (CVE-2017-5715)
  • Variant 3: using speculative reads of inaccessible data (CVE-2017-5754)
  • Subvariant 3a: using speculative reads of inaccessible data (CVE-2018-3640)
  • Variant 4: speculative bypassing of stores by younger loads despite the presence of a dependency (CVE-2018-3639)
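The Variant 1 pattern above is a bounds-checked array read whose check is only enforced architecturally; the standard software mitigation is to clamp the index with a branchless mask so that the load cannot reach past the table even while the branch is mispredicted. The example below is added here and is not code from the page or from any vendor; the mask function is modelled on the Linux kernel's generic array_index_mask_nospec(), and the table contents are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BITS_PER_LONG (sizeof(unsigned long) * 8)

/* Constructed sample table: the only data a caller should ever be able to read. */
static const uint8_t public_table[16] = {
    10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25 };
static const size_t public_table_size = sizeof(public_table);

/* Bounds check bypass pattern (Variant 1): architecturally correct, but while
 * the branch predictor guesses "in bounds" the CPU may transiently execute the
 * load with an out-of-range index, and that transient access leaves cache traces. */
int lookup_branch_only(size_t index, uint8_t *out)
{
    if (index >= public_table_size)
        return -1;              /* rejected architecturally, not speculatively */
    *out = public_table[index]; /* may still run transiently on a misprediction */
    return 0;
}

/* Branchless index mask, modelled on the kernel's array_index_mask_nospec():
 * all ones when index < size, all zeros otherwise. There is no branch to
 * mispredict, so the clamp also holds during speculative execution.
 * Relies on an arithmetic right shift of a negative long, as the kernel does. */
static inline unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    return ~(long)(index | (size - 1UL - index)) >> (BITS_PER_LONG - 1);
}

/* Hardened lookup: an out-of-range index is forced to 0 by the mask before it
 * is used, so a mispredicted bounds check cannot address memory past the table. */
int lookup_masked(size_t index, uint8_t *out)
{
    unsigned long mask = index_mask_nospec(index, public_table_size);
    if (index >= public_table_size)
        return -1;
    *out = public_table[index & mask]; /* index & mask == index only when in bounds */
    return 0;
}

int main(void)
{
    uint8_t v = 0;
    printf("in bounds:     rc=%d value=%u\n", lookup_masked(3, &v), v);
    printf("out of bounds: rc=%d mask=%lx\n", lookup_masked(99, &v),
           index_mask_nospec(99, public_table_size));
    return 0;
}
```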

Spectre Variant 4 (Speculative Store Bypass) aka CVE-2018-3639

The mitigation is to disable the processor's "Memory Disambiguation" feature, either system-wide or selectively for individual processes.

Spectre and Meltdown explained: A comprehensive guide for professionals

Spectre and Meltdown individually represent classes of hardware vulnerabilities, each with a number of variants dependent on specific silicon-level functionality.
While these are fundamentally hardware design flaws, attempts to remediate them at the software level have seen some success.

What are Spectre and Meltdown?

  • Spectre is a vulnerability allowing for arbitrary locations in the allocated memory of a program to be read.
  • Meltdown is a vulnerability allowing a process to read all memory in a given system.

Spectre and Meltdown are representative examples of "transient execution" attacks, which rely on hardware design flaws in the implementation of:
  • speculative execution
  • instruction pipelining
  • out-of-order execution
in modern CPUs.

What risks are associated with Spectre and Meltdown?

Spectre and Meltdown enable attackers to extract encryption keys and passwords from compromised systems.

How do Spectre and Meltdown work?

A quick primer on modern processor design

The microarchitectures of modern processors, designed with performance in mind, focus largely on parallelism.
Two independent optimization techniques of modern processors, used in conjunction, are key to understanding why Spectre and Meltdown are hardware-level vulnerabilities.

Out-of-order execution

Speculative execution

How Spectre works
