Kernel Isolation: From an Academic Idea to an Efficient Patch for Every Computer

Daniel Gruss, Dave Hansen, Brendan Gregg

Research output: Contribution to journalArticle


The disclosure of the Meltdown vulnerability in early 2018 was an earthquake for the security community. Meltdown allows temporarily bypassing the most fundamental access permissions before a deferred permission check is finished: that is, the userspace-accessible bit is not reliable, allowing unrestricted access to kernel pages. More specifically, during out-of-order execution, the processor fetches or stores memory locations that are protected via access permissions and continues the outof- order execution of subsequent instructions with the retrieved or modified data, even if the access permission check failed. Most Intel, IBM, and Apple processors from recent years are affected as are several other processors. While AMD also defers the permission check, it does not continue the out-of-order execution of subsequent instructions with data that is supposed to be inaccessible.
Original languageEnglish
Pages (from-to)10-14
Number of pages5
Issue number4
Publication statusPublished - Dec 2018

Cite this