#hardware #side-channel #cpu

Spectre and Meltdown

Two flaws in the way nearly every modern processor predicts the future let any program read memory it was never supposed to see.

Cyber Chronicle

In early January 2018, several research teams — Google Project Zero, and academic groups at Graz, among others — disclosed two related classes of vulnerability that did not live in any piece of software. They lived in the silicon. Almost every high-performance processor manufactured in the previous two decades was affected.

Speculating about secrets

Modern CPUs are fast partly because they guess. When a processor encounters a branch it cannot yet resolve, it speculatively executes down the likely path and discards the work if the guess was wrong. Spectre and Meltdown showed that the discarded work leaves measurable traces in the CPU cache. By timing carefully chosen memory accesses, an attacker could reconstruct the secret values the processor had touched during speculation — including memory belonging to the kernel or to other processes.
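A toy model of the mechanism described above, as an added example that is not part of the original article: a mispredicted bounds check lets a load run speculatively, the register result is discarded, and the cache line it touched still reveals the byte. It is a simulation rather than code that measures real hardware; the bounds-check pattern, the index-masking mitigation, and every name and value in it are assumptions chosen for illustration.

```python
# Toy model, not real hardware: a squashed speculative load still fills the cache.
# All names and values are constructed for illustration.
ARRAY1 = bytes([1, 2, 3, 4])      # data the victim may legitimately index
SECRET = b"K"                     # constructed secret stored right after ARRAY1
MEMORY = ARRAY1 + SECRET          # modeled flat memory; index 4 is out of bounds


class ToyCPU:
    def __init__(self):
        self.cache = set()        # probe-array lines currently cached

    def victim(self, idx, predict_taken, mask_index=False):
        """Models: if idx < len(ARRAY1): tmp = probe[ARRAY1[idx] * LINE_SIZE]"""
        in_bounds = idx < len(ARRAY1)
        if not (in_bounds or predict_taken):
            return None           # branch predicted not-taken: body never runs
        if mask_index:
            # Mitigation: branch-free clamp, so even a speculative
            # out-of-bounds index becomes 0 before the load is issued.
            idx &= -int(in_bounds)
        value = MEMORY[idx]       # load runs, possibly only speculatively
        self.cache.add(value)     # dependent probe load caches line `value`
        # On a misprediction the register result is discarded; the cache is not.
        return value if in_bounds else None

    def flush(self):
        self.cache.clear()

    def fast_lines(self):
        """Stand-in for timing every probe line and keeping the fast ones."""
        return sorted(self.cache)


def observe(mask_index):
    cpu = ToyCPU()
    for i in range(len(ARRAY1)):  # in-bounds calls train the branch as "taken"
        cpu.victim(i, predict_taken=True, mask_index=mask_index)
    cpu.flush()                   # probe array starts cold for the measured call
    arch_result = cpu.victim(len(ARRAY1), predict_taken=True, mask_index=mask_index)
    return arch_result, cpu.fast_lines()


if __name__ == "__main__":
    print("unmitigated:", observe(mask_index=False))
    print("index masked:", observe(mask_index=True))
```

In both runs the program-visible result of the out-of-bounds call is `None`; only the set of cached lines differs, which is why the leak is invisible to ordinary correctness testing.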

Meltdown principally affected Intel chips and could be mitigated, at a performance cost, by reworking how operating systems mapped kernel memory. Spectre was deeper. It was a consequence of speculative execution itself, present across Intel, AMD, and ARM, and could not be fully fixed without rethinking processor design.

A coordinated, leaky disclosure

The disclosure had been embargoed for months while vendors prepared patches. It leaked early through observed kernel-development activity and press inference, forcing a rushed public release. The mitigations that followed measurably slowed certain workloads and reshaped cloud provisioning economics.

What the chronicle remembers

Spectre and Meltdown moved the security boundary below the operating system. They established speculative execution side-channels as a permanent research field and forced an industry-wide acceptance that decades-old performance optimizations could have been load-bearing security assumptions all along.