Trying to construct a timeline of #Spectre #Meltdown, because some things don’t compute. This post will be updated! If you want to add/correct something, please comment.

2017-02-01
The CVE numbers 2017-5715, 2017-5753 and 2017-5754 are assigned to/reserved by Intel. (I guess they asked for being assigned a range).

2017-02-27
Bosman et al publish their findings how ASLR can be abused on cachebased architectures at the NDSS Symposium. [5]

Some time before June, 2017
The two attack vectors, now combined as #Spectre, are independently found by Google’s Project Zero researchers and researchers from the academic world. [1]

2017-06-01
The findings are shared with Intel, AMD and Arm. [1] footnote 1

Some time before 2017-07-28
#Meltdown attack vector is identified and shared with Intel (also AMD, ARM?) (by the same group?) [1] footnote 1

2017-07-28
Anders Fogh publishes his #Meltdown findings (found independently?) called “Negative Result: Reading Kernel Memory From User Mode” [3]

2017-11-09
Intel informs partners and other interested parties under NDA. [2]

2017-11-20
The CRD (Coordinated Release Date) is agreed upon to be 2018-01-09 by many parties involved. [2]

2017-12-13
Apple releases iOS 11.2, MacOS 10.13.2 and TVos 11.2. These update contain fixes for #Spectre but that is not mentioned in the release notes.

2018-01-01
The sweetpython post appears, speculating about what’s behind the Linux kernel patches called PTI [4]

2018-01-02
The Register publishes an article titled “Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign” that puts enough of the information together. [6]

2018-01-03
Bosman posts on Twitter about a working reproducer for #Meltdown [7]

Google breaks the agreed CRD and makes everything public. Amazon, Google, Microsoft declare their respective clouds are patched and safe.

Sources:

[1] https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html

[2] https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

[3] https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/

[4] http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table

[5] https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/aslrcache-practical-cache-attacks-mmu/

[6] https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

[7] https://mobile.twitter.com/brainsmoke/status/948561799875502080

Have your say!