Spectre
What is Spectre?
SpectreA family of microarchitectural attacks that abuse CPU speculative execution to leak data across security boundaries via cache-based side channels.
Disclosed in January 2018, Spectre (CVE-2017-5753 Variant 1, CVE-2017-5715 Variant 2 and several follow-ups) exploits the fact that modern out-of-order CPUs speculatively execute instructions past mispredicted branches or indirect jumps. The transient instructions touch caches, leaving observable side effects that an attacker can read with precise timing measurements — even when the speculative result was never committed architecturally. Spectre affects Intel, AMD, ARM and other vendors, breaks process and VM isolation, and is hard to patch fully. Mitigations include compiler barriers (retpoline, LFENCE, speculative load hardening), microcode updates (IBRS, IBPB, STIBP, eIBRS), process isolation, site-isolation in browsers, and architectural redesign in newer CPUs.
● Examples
- 01
Spectre v1 (Bounds Check Bypass) leaking kernel memory from user processes.
- 02
Spectre v2 (Branch Target Injection) crossing VM boundaries in cloud environments.
● Frequently asked questions
What is Spectre?
A family of microarchitectural attacks that abuse CPU speculative execution to leak data across security boundaries via cache-based side channels. It belongs to the Vulnerabilities category of cybersecurity.
What does Spectre mean?
A family of microarchitectural attacks that abuse CPU speculative execution to leak data across security boundaries via cache-based side channels.
How do you defend against Spectre?
Defences for Spectre typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Spectre?
Common alternative names include: Speculative execution attack.