Earlier this month, major chip manufacturers announced that vulnerabilities known as Spectre and Meltdown affect processors that are currently deployed in millions of devices. These new security flaws open the door for hackers to access sensitive user data. The flaws are not unique. Instead, they impact chips for everything from phones to servers and may go back more than two decades. The flaw is the result of a common design practice employed by most modern processors, which has been publicly described as allowing an unprivileged attacker to bypass memory security restrictions and gain read access to privileged memory. These vulnerabilities allow an unprivileged local attacker to read privileged memory belonging to other processes or memory allocated to the kernel.
The relevant Common Vulnerabilities and Exposure (CVE) items associated with Meltdown and Spectre are recorded under: Spectre attack: CVE-2017-5753, CVE-2017-5715 and Meltdown attack: CVE-2017-5754. Full concise details, including links to the patches issued by OS vendors, are located under https://meltdownattack.com/ or under the Vulnerability Note VU#584653.