{"id":10311,"date":"2018-01-04T10:00:51","date_gmt":"2018-01-04T09:00:51","guid":{"rendered":"https:\/\/www.credativ.de\/blog\/credativ-inside\/the-processor-as-a-security-vulnerability\/"},"modified":"2018-01-04T10:00:51","modified_gmt":"2018-01-04T09:00:51","slug":"the-processor-as-a-security-vulnerability","status":"publish","type":"post","link":"https:\/\/www.credativ.de\/en\/blog\/news\/the-processor-as-a-security-vulnerability\/","title":{"rendered":"The Processor as a Security Vulnerability"},"content":{"rendered":"<p>At the beginning of 2018, issues with memory management and Intel processors became public. According to these reports, it is apparently possible to read arbitrary areas of the kernel and userspace memory regions and thus potentially gain access to sensitive areas. <\/p>\n<p>Over the past few days, there have been rumors and speculations about the direction of these developments; meanwhile, there is an official statement from the hackers at Project Zero (Google) who <a href=\"https:\/\/googleprojectzero.blogspot.de\/2018\/01\/reading-privileged-memory-with-side.html\" target=\"_blank\" rel=\"noopener noreferrer\">summarize<\/a> the findings.<\/p>\n<h1>What exactly happened?<\/h1>\n<p>Essentially, attack vectors were identified that can extract privileged information from the CPU cache, despite a lack of authorization, by leveraging unsuccessful speculative code execution on a processor and precise timing. In doing so, it is possible, despite the lack of authorization (whether from user or kernel space), to read memory areas and interpret their contents. This theoretically enables widespread entry points for malware, such as spying on sensitive data or abusing permissions. These are referred to as Side Channel Attacks. According to current knowledge, not only Intel CPUs (which were initially exclusively assumed to be affected) are impacted, but also AMD CPUs, ARM, and POWER8 and 9 processors.    
<\/p>\n<h1>What is currently happening?<\/h1>\n<p>Project Zero summarizes the main issues in the <a href=\"https:\/\/googleprojectzero.blogspot.de\/2018\/01\/reading-privileged-memory-with-side.html\" target=\"_blank\" rel=\"noopener noreferrer\">report<\/a>. Several exploits exist that use different approaches to read privileged memory areas, thereby gaining unauthorized access to information in sensitive areas of the kernel or other processes. Since almost all modern CPUs support speculative execution of instructions to prevent their execution units from idling and thus avoid associated high latencies, a large number of systems are theoretically affected. Another starting point for this attack scenario is the way user and kernel space memory areas interact in current systems. In fact, these memory areas have not truly been separated until now; instead, access to these areas is secured by a special bit. The advantage of this lack of separation is particularly significant when, for example, frequent switching between user and kernel space is required.<\/p>\n<p>The individual attack scenarios are:<\/p>\n<ul>\n<li>Spectre<\/li>\n<\/ul>\n<p><a href=\"https:\/\/spectreattack.com\/spectre.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">This attack scenario<\/a> utilizes the branch prediction present in modern CPUs, i.e., a preliminary analysis of the probability that certain code or branches can be executed successfully. Here, the CPU is tricked into speculatively executing code that was not actually considered by the prediction. This attack can then be used to execute malicious code. This attack theoretically works on all CPUs with corresponding branch prediction, but according to Project Zero, it is difficult to summarize which processors are affected and in what way. Spectre primarily targets applications in user space. 
Since Spectre primarily works when faulty code is already present in relevant applications, particular attention should be paid to corresponding updates.<\/p>\n<ul>\n<li>Meltdown<\/li>\n<\/ul>\n<p>With Meltdown, speculative execution is used to execute code that cannot actually be reached definitively. These are exception instructions with subsequent instructions that would never be executed. However, due to the CPU&#8217;s speculative execution, these instructions are still considered by the CPU. Although there are no side effects from this type of execution, the memory addresses occupied by the instruction remain in the CPU&#8217;s cache and can be used from there to test all memory addresses. Since the memory areas of the kernel and user space are currently organized contiguously, not only the entire memory area of the kernel but also all processes running on the system can be read. A detailed description of how the attack works can be found here. Meltdown only works on Intel processors, as only on these are privileges for the addressed memory area no longer checked during out-of-order execution.<\/p>\n<p>Both scenarios exploit the respective security vulnerabilities in different ways. 
The CVEs for the vulnerabilities are: <\/p>\n<ul>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-5753\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2017-5753<\/a><\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-5715\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2017-5715<\/a><\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-5754\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2017-5754<\/a><\/li>\n<\/ul>\n<h1>What happens next?<\/h1>\n<p>To prevent Meltdown attacks, corresponding updates are already available for Linux, Windows, and OSX (the latter has contained corresponding changes <a href=\"http:\/\/www.macgadget.de\/News\/2018\/01\/04\/Sicherheitsluecke-in-Intel-Prozessoren-Bug-Fix-bereits-in-macOS-10132-enthalten\" target=\"_blank\" rel=\"noopener noreferrer\">for quite some time<\/a>). Essentially, these updates completely separate memory management for kernel and user space (known in Linux as KPTI patches, Kernel Page Table Isolation, formerly also KAISER). This makes it no longer possible to access kernel memory areas from an unprivileged context through privilege escalation on Intel processors. RedHat, as well as CentOS and Fedora, already provide these with updated kernels.   <\/p>\n<p>Meltdown attacks, in particular, are effectively suppressed by this; however, for Spectre attacks themselves, based on the current situation, there are no reliable, effective measures. It is important, however, that eBPF and the corresponding execution of BPF code in the Linux kernel are deactivated. <\/p>\n<pre><code>sysctl -a | grep net.core.bpf_jit_enable\nsysctl net.core.bpf_jit_enable=0\n<\/code><\/pre>\n<p>The change requires &#8220;root&#8221; permissions.<\/p>\n<h1>Performance of Updated Kernels<\/h1>\n<p>Due to the separation of memory management for kernel and user space, context switches and system calls become more expensive. 
This leads to significantly higher latencies, especially if the application causes many context switches (e.g., network communication). The performance losses here are difficult to quantify, as not every workload truly relies on identical access patterns. For critical systems, load tests on identical test systems are therefore recommended if possible. If not possible, the load parameters should be carefully monitored after updating the system. A general performance loss of around 5% is assumed, but <a href=\"https:\/\/lkml.org\/lkml\/2018\/1\/2\/703\" target=\"_blank\" rel=\"noopener noreferrer\">tests by kernel developers<\/a> have also observed losses of up to 30%. Since Page Table Isolation (so far) is only available for x86_64 architectures, these figures only apply to machines with Intel processors. In fact, KPTI is not <a href=\"https:\/\/lkml.org\/lkml\/2017\/12\/27\/2\" target=\"_blank\" rel=\"noopener noreferrer\">enabled<\/a> by default for AMD by the kernel upstream.       <\/p>\n<p>Whether KPTI is enabled can be determined via the kernel log:<\/p>\n<pre><code>dmesg -T | grep \"page tables isolation\"\n[Fr Jan  5 10:10:16 2018] Kernel\/User page tables isolation: enabled\n<\/code><\/pre>\n<p>Database users, in particular, are sensitive here, as systems like PostgreSQL<sup>\u00ae<\/sup> typically cause a high number of context switches under heavy load. At credativ, we classified the impact on a small virtualized system. The basis is a Fedora 27 system as a KVM guest with 4 GByte RAM and fast NVMe storage. However, this plays a rather insignificant role in this test, as the database tests performed with pgbench only have a size of just under 750 MByte. The shared buffer pool of the PostgreSQL<sup>\u00ae<\/sup> instance was configured with 1 GByte so that the entire database fits into the database cache. The tests were performed with 4 and 8 virtual processors, respectively. The host system has an Intel Core i7-6770HQ processor.      
<\/p>\n<p>The greatest impact is observed when PCID is not present or is deactivated in the kernel. PCID is an optimization that prevents a flush of the Translation Lookaside Buffer (TLB) when a context switch occurs. Virtual memory addresses are only successfully resolved via TLB if the PCID matches the current thread on the respective CPU. PCID is available from kernel 4.14. The test compares a development kernel with Page Table Isolation (PTI) 4.15.0-rc6, current Fedora upstream kernels with and without security patches. PTI can be deactivated by defining a corresponding argument to the kernel via pti=off during boot.     <\/p>\n<p>The Fedora test system already has a very recent kernel (4.14). The difference between the old upstream kernel 4.14.8 without security-relevant patches and the new kernel 4.14.11 is approximately 6%. <a href=\"https:\/\/www.postgresql.org\/docs\/devel\/static\/pgbench.html\" target=\"_blank\" rel=\"noopener noreferrer\">pgbench<\/a> then provides the following throughput rates (transactions per second): <\/p>\n<p><a href=\"https:\/\/www.credativ.de\/wp-content\/uploads\/2019\/06\/TPS_KPTI.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-1352\" src=\"https:\/\/www.credativ.de\/wp-content\/uploads\/2019\/06\/TPS_KPTI-300x209.png\" alt=\"TPS_KPTI\" width=\"500\" height=\"348\" srcset=\"https:\/\/www.credativ.de\/wp-content\/uploads\/2019\/06\/TPS_KPTI-300x209.png 300w, https:\/\/www.credativ.de\/wp-content\/uploads\/2019\/06\/TPS_KPTI-180x125.png 180w, https:\/\/www.credativ.de\/wp-content\/uploads\/2019\/06\/TPS_KPTI-768x535.png 768w, https:\/\/www.credativ.de\/wp-content\/uploads\/2019\/06\/TPS_KPTI-1024x713.png 1024w, https:\/\/www.credativ.de\/wp-content\/uploads\/2019\/06\/TPS_KPTI-600x418.png 600w, https:\/\/www.credativ.de\/wp-content\/uploads\/2019\/06\/TPS_KPTI.png 1079w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/a><\/p>\n<p>If the former standard kernel 4.14.8 of Fedora 27 is taken as 
100%, the following results are obtained:<\/p>\n<p><a href=\"https:\/\/www.credativ.de\/wp-content\/uploads\/2019\/06\/Percent_Kernels_KPTI.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-1355\" src=\"https:\/\/www.credativ.de\/wp-content\/uploads\/2019\/06\/Percent_Kernels_KPTI-300x169.png\" alt=\"Percent_Kernels_KPTI\" width=\"500\" height=\"281\" srcset=\"https:\/\/www.credativ.de\/wp-content\/uploads\/2019\/06\/Percent_Kernels_KPTI-300x169.png 300w, https:\/\/www.credativ.de\/wp-content\/uploads\/2019\/06\/Percent_Kernels_KPTI-180x101.png 180w, https:\/\/www.credativ.de\/wp-content\/uploads\/2019\/06\/Percent_Kernels_KPTI-768x432.png 768w, https:\/\/www.credativ.de\/wp-content\/uploads\/2019\/06\/Percent_Kernels_KPTI-600x337.png 600w, https:\/\/www.credativ.de\/wp-content\/uploads\/2019\/06\/Percent_Kernels_KPTI.png 934w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/a><\/p>\n<p>The <a href=\"https:\/\/www.credativ.de\/en\/portfolio\/support\/postgresql-competence-center\/\">PostgreSQL<sup>\u00ae<\/sup><\/a> community has also already <a href=\"https:\/\/www.postgresql.org\/message-id\/20180102222354.qikjmf7dvnjgbkxe@alap3.anarazel.de\" target=\"_blank\" rel=\"noopener noreferrer\">conducted<\/a> smaller tests to measure the impact. The results align with our findings. The new kernel 4.14.11 with the relevant patches offers approximately the same performance as the development kernel 4.15.0-rc6 on this platform. In these test cases, 4.14.11 even partially outperforms the old upstream kernel (8 vCPU, comparison 4.14.8, green and 4.14.11, brown). However, the advantage here is just over 1%, so it can be assumed that there are no significant speed differences in this test setup.    <\/p>\n<p>For those interested, there is also a dedicated page on the <a href=\"https:\/\/spectreattack.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">topic<\/a>. This summarizes all essential information. 
Also recommended is the <a href=\"https:\/\/github.com\/hannob\/meltdownspectre-patches\" target=\"_blank\" rel=\"noopener noreferrer\">summary<\/a> by journalist Hanno B\u00f6ck on GitHub, which provides a very good list of all patches for Meltdown and Spectre.  <\/p>\n<p><em>This article was originally written by Bernd Helmle.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>At the beginning of 2018, issues with memory management and Intel processors became public. According to these reports, it is apparently possible to read arbitrary areas of the kernel and userspace memory regions and thus potentially gain access to sensitive areas. Over the past few days, there have been rumors and speculations about the direction [&hellip;]<\/p>\n","protected":false},"author":90,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_improvement_type_select":"improve_an_existing","_thumb_yes_seoaic":false,"_frame_yes_seoaic":false,"seoaic_generate_description":"","seoaic_improve_instructions_prompt":"","seoaic_rollback_content_improvement":"","seoaic_idea_thumbnail_generator":"","thumbnail_generated":false,"thumbnail_generate_prompt":"","seoaic_article_description":"","seoaic_article_subtitles":[],"footnotes":""},"categories":[1703,1708],"tags":[1835,1842,1849,1801,1858],"class_list":["post-10311","post","type-post","status-publish","format-standard","hentry","category-news","category-postgresql-en","tag-kernel-en","tag-linux-en","tag-meltdown-en","tag-postgresql-en","tag-spectre-en"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.4 (Yoast SEO v27.4) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>The Processor as a Security Vulnerability - credativ\u00ae<\/title>\n<meta name=\"description\" content=\"At the beginning of 2018, issues with memory management and Intel processors became public. 
Further insights can be found in this article!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.credativ.de\/en\/blog\/news\/the-processor-as-a-security-vulnerability\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Processor as a Security Vulnerability\" \/>\n<meta property=\"og:description\" content=\"At the beginning of 2018, issues with memory management and Intel processors became public. Further insights can be found in this article!\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.credativ.de\/en\/blog\/news\/the-processor-as-a-security-vulnerability\/\" \/>\n<meta property=\"og:site_name\" content=\"credativ\u00ae\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/credativDE\/\" \/>\n<meta property=\"article:published_time\" content=\"2018-01-04T09:00:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.credativ.de\/wp-content\/uploads\/2019\/06\/TPS_KPTI.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1079\" \/>\n\t<meta property=\"og:image:height\" content=\"751\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"credativ Redaktion\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@credativde\" \/>\n<meta name=\"twitter:site\" content=\"@credativde\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"credativ Editorial Team\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/news\\\/the-processor-as-a-security-vulnerability\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/news\\\/the-processor-as-a-security-vulnerability\\\/\"},\"author\":{\"name\":\"credativ Redaktion\",\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/#\\\/schema\\\/person\\\/63430ac9e022ccceba0f8d53ffe6db12\"},\"headline\":\"The Processor as a Security Vulnerability\",\"datePublished\":\"2018-01-04T09:00:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/news\\\/the-processor-as-a-security-vulnerability\\\/\"},\"wordCount\":1296,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/news\\\/the-processor-as-a-security-vulnerability\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.credativ.de\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/TPS_KPTI-300x209.png\",\"keywords\":[\"Kernel\",\"Linux\",\"Meltdown\",\"PostgreSQL\u00ae\",\"Spectre\"],\"articleSection\":[\"News\",\"PostgreSQL\u00ae\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/news\\\/the-processor-as-a-security-vulnerability\\\/#respond\"]}],\"copyrightYear\":\"2018\",\"copyrightHolder\":{\"@id\":\"https:\\\/\\\/www.credativ.de\\\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/news\\\/the-processor-as-a-security-vulnerability\\\/\",\"url\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/news\\\/the-processor-as-a-security-vulnerability\\\/\",\"name\":\"The Processor as a Security 
Vulnerability - credativ\u00ae\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/news\\\/the-processor-as-a-security-vulnerability\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/news\\\/the-processor-as-a-security-vulnerability\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.credativ.de\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/TPS_KPTI-300x209.png\",\"datePublished\":\"2018-01-04T09:00:51+00:00\",\"description\":\"At the beginning of 2018, issues with memory management and Intel processors became public. Further insights can be found in this article!\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/news\\\/the-processor-as-a-security-vulnerability\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/news\\\/the-processor-as-a-security-vulnerability\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/news\\\/the-processor-as-a-security-vulnerability\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.credativ.de\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/TPS_KPTI-300x209.png\",\"contentUrl\":\"https:\\\/\\\/www.credativ.de\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/TPS_KPTI-300x209.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/news\\\/the-processor-as-a-security-vulnerability\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The Processor as a Security Vulnerability\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/\",\"name\":\"credativ 
GmbH\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Organization\",\"Place\"],\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/#organization\",\"name\":\"credativ\u00ae\",\"url\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/\",\"logo\":{\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/news\\\/the-processor-as-a-security-vulnerability\\\/#local-main-organization-logo\"},\"image\":{\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/news\\\/the-processor-as-a-security-vulnerability\\\/#local-main-organization-logo\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/credativDE\\\/\",\"https:\\\/\\\/x.com\\\/credativde\",\"https:\\\/\\\/mastodon.social\\\/@credativde\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/credativ-gmbh\",\"https:\\\/\\\/www.instagram.com\\\/credativ\\\/\"],\"description\":\"Die credativ GmbH ist ein f\u00fchrendes, auf Open Source Software spezialisiertes IT-Dienstleistungs- und Beratungsunternehmen. Wir bieten umfassende und professionelle Services, von Beratung und Infrastruktur-Betrieb \u00fcber 24\\\/7 Support bis hin zu individuellen L\u00f6sungen und Schulungen. Unser Fokus liegt auf dem ganzheitlichen Management von gesch\u00e4ftskritischen Open-Source-Systemen, darunter Betriebssysteme (z.B. Linux), Datenbanken (z.B. PostgreSQL), Konfigurationsmanagement (z.B. Ansible, Puppet) und Virtualisierung. 
Als engagierter Teil der Open-Source-Community unterst\u00fctzen wir unsere Kunden dabei, die Vorteile freier Software sicher, stabil und effizient in ihrer IT-Umgebung zu nutzen.\",\"legalName\":\"credativ GmbH\",\"foundingDate\":\"2025-03-01\",\"duns\":\"316387060\",\"numberOfEmployees\":{\"@type\":\"QuantitativeValue\",\"minValue\":\"11\",\"maxValue\":\"50\"},\"address\":{\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/news\\\/the-processor-as-a-security-vulnerability\\\/#local-main-place-address\"},\"geo\":{\"@type\":\"GeoCoordinates\",\"latitude\":\"51.1732374\",\"longitude\":\"6.392010099999999\"},\"telephone\":[\"+4921619174200\",\"08002733284\"],\"contactPoint\":{\"@type\":\"ContactPoint\",\"telephone\":\"08002733284\",\"email\":\"vertrieb@credativ.de\"},\"openingHoursSpecification\":[{\"@type\":\"OpeningHoursSpecification\",\"dayOfWeek\":[\"Monday\",\"Tuesday\",\"Wednesday\",\"Thursday\",\"Friday\"],\"opens\":\"09:00\",\"closes\":\"17:00\"},{\"@type\":\"OpeningHoursSpecification\",\"dayOfWeek\":[\"Saturday\",\"Sunday\"],\"opens\":\"00:00\",\"closes\":\"00:00\"}],\"email\":\"info@credativ.de\",\"areaServed\":\"D-A-CH\",\"vatID\":\"DE452151696\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/#\\\/schema\\\/person\\\/63430ac9e022ccceba0f8d53ffe6db12\",\"name\":\"credativ Redaktion\",\"description\":\"Dieser Account dient als Sammelpunkt f\u00fcr die wertvollen Beitr\u00e4ge ehemaliger Mitarbeiter von credativ. Wir bedanken uns f\u00fcr ihre gro\u00dfartigen Inhalte, die das technische Wissen in unserem Blog \u00fcber die Jahre hinweg bereichert haben. 
Ihre Artikel bleiben hier weiterhin f\u00fcr unsere Leser zug\u00e4nglich.\"},{\"@type\":\"PostalAddress\",\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/news\\\/the-processor-as-a-security-vulnerability\\\/#local-main-place-address\",\"streetAddress\":\"Hennes-Weisweiler-Allee 23\",\"addressLocality\":\"M\u00f6nchengladbach\",\"postalCode\":\"41179\",\"addressRegion\":\"Deutschland\",\"addressCountry\":\"DE\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.credativ.de\\\/en\\\/blog\\\/news\\\/the-processor-as-a-security-vulnerability\\\/#local-main-organization-logo\",\"url\":\"https:\\\/\\\/www.credativ.de\\\/wp-content\\\/uploads\\\/2025\\\/04\\\/credativ-logo-right.svg\",\"contentUrl\":\"https:\\\/\\\/www.credativ.de\\\/wp-content\\\/uploads\\\/2025\\\/04\\\/credativ-logo-right.svg\",\"caption\":\"credativ\u00ae\"}]}<\/script>\n<meta name=\"geo.placename\" content=\"M\u00f6nchengladbach\" \/>\n<meta name=\"geo.position\" content=\"51.1732374;6.392010099999999\" \/>\n<meta name=\"geo.region\" content=\"Germany\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","_links":{"self":[{"href":"https:\/\/www.credativ.de\/en\/wp-json\/wp\/v2\/posts\/10311","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.credativ.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.credativ.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.credativ.de\/en\/wp-json\/wp\/v2\/users\/90"}],"replies":[{"embeddable":true,"href":"https:\/\/www.credativ.de\/en\/wp-json\/wp\/v2\/comments?post=10311"}],"version-history":[{"count":0,"href":"https:\/\/www.credativ.de\/en\/wp-json\/wp\/v2\/posts\/10311\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.credativ.de\/en\/wp-json\/wp\/v2\/media?parent=10311"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.credativ.de\/en\/wp-json\/wp\/v2\/categories?post=10311"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.credativ.de\/en\/wp-json\/wp\/v2\/tags?post=10311"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}