Skip to main content

New ‘Prime’ Meltdown, Spectre exploits outlined by Nvidia, Princeton University

Just one month after researchers exposed methods to extract sensitive data from a device’s memory through all modern processors, another research paper arrives to illustrate how the processor design flaw can be used in other attacks. The paper, dubbing the new exploits MeltdownPrime and SpectrePrime, derives from three researchers who work at at Princeton University and graphics chip manufacturer Nvidia. 

As reported last month, all processors dating back to at least 2011 have a flaw in the way they’re designed. Part of a processor’s speed comes from its ability to predict where the current list of instructions will go — they have “branch prediction units” that take an educated guess about what command will come next. To make these predictions, processors toss data back and forth from two memory sets: local on-chip memory called cache for fast access, and the PC’s system memory. This data isn’t secured, and that’s where the original Meltdown and Spectre attacks come in. 

The Meltdown approach applies to Intel and Apple processors. A hacker can create a malicious program to access that raw information, which could include usernames, passwords, credit card numbers, and so on. It taps into the privileged information typically only accessible by the root of an operating system, otherwise known as the kernel. 

Get your weekly teardown of the tech behind PC gaming
Check your inbox!

Meanwhile, Spectre applies to Intel, AMD, and all mobile chips based on ARM’s processor design, including Apple. Here hackers can create a program to trick the processor into executing instructions not built into legitimate programs and apps installed on the PC. In other words, your favorite apps and programs could be tricked into coughing up your sensitive data. 

Both methods are merely proof-of-concepts reported by Google Project Zero, and researchers from Cerberus Technology and various universities. Both are called side-channel attacks as they don’t target specific software, such as Adobe Flash. 

The new MeltdownPrime and SpectrePrime exploits rely on an attack called Prime+Probe that takes advantage of processor “cache invalidations,” which is a method of replacing or removing entries in the CPU’s cache. Whereas Meltdown and Spectre simply “pollute” this cache during the CPU’s path prediction (aka speculative execution), the new exploits take a different approach. 

“MeltdownPrime and SpectrePrime are caused by write requests being sent out speculatively in a system that uses an invalidation-based coherence protocol,” the paper states. A coherence protocol means that the PC is keeping all data stored in cache and memory consistent. But that protocol may “invalidate cache lines in sharer cores as a result of a speculative write access request even if the operation is eventually squashed.” 

The researchers validated their findings using a MacBook packing an Intel Core i7 processor, and MacOS Sierra v10.12.6. They ran the exploit 100 times on the machine, with a 99.95-percent success rate for SpectrePrime versus the 97.9-percent rate seen with the vanilla Spectre exploit. 

“We believe that any software techniques that mitigate Meltdown and Spectre will also be sufficient to mitigate MeltdownPrime and SpectrePrime. On the other hand, we believe that microarchitectural mitigation of our Prime variants will require new considerations,” the paper states. 

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
This 240Hz gaming monitor from LG is on sale for just $200 at Amazon
The LG UltraGear 27-inch OLED gaming monitor displaying a space game.

When it comes to gaming monitors, LG’s UltraGear lineup reigns supreme as one of the best lineups on the market. These screens are engineered to squeeze every last amount of picture detail from the games you’re playing, resulting in some of the brightest and richest colors, best contrast levels, and exceptional motion clarity. While looking through Amazon deals, we came across a terrific promo on an UltraGear that we just had to write about.

Right now, you’ll be able to purchase the LG 27-inch UltraGear IPS Gaming Monitor for $200. At full price, this model normally sells for $300. If you’ve been looking for one of the best monitor deals of the week, you’ve come to the right place!

Read more
The Alienware Aurora R16, our favorite gaming PC, is $900 off
Alienware Aurora R16 sitting on desk

If you’re looking for the end-all-be-all of gaming PC deals, look no further than this extraordinary offer we found on one of the best desktop towers in the business, the Alienware Aurora R16. For a limited time only, you’ll be able to order this premium PC through Dell for $3,100. Usually, this exact configuration of the Aurora R16 costs $4,000, so you’ll be saving yourself about $900!

Why you should buy the Alienware Aurora R16
Building your own PC is one of the most satisfying experiences for a diehard gamer, but it can also be a pretty tedious process. That’s why high-quality pre-builds exist, and the Aurora R16 is one of the best options. In our best gaming desktop PCs roundup, we gave the R16 top honors for several reasons, with power and performance being two of its leading accolades.

Read more
Next-gen GPUs are coming ‘later this year’ — but which?
RX 7900 XTX slotted into a test bench.

What's going on with next-gen graphics cards? I've been asking myself that question for months now. Reports about Nvidia's RTX 50-series and AMD's RDNA 4 first pointed to a 2024 release, but most sources now agree that we won't see any new GPUs until 2025. Except EK Water Blocks, a company that now claims that we'll see an announcement "later this year."

EK Water Blocks makes liquid cooling solutions, and it's partnered with both Nvidia and AMD, which makes it harder to determine which GPU manufacturer it's talking about here. According to the latest leaks, both GPU makers aren't launching their new products this year, although one source (admittedly uncertain) claimed that we'd have an announcement this month. This is now the second leak in as many days that implies good news in 2024.

Read more