Depends, Muen kernel claims they are safe from it.
We thoroughly studied the potential impact of the recent
Spectre/Meltdown speculative execution CPU design issues on the Muen
Separation Kernel. In this mail we would like to share our findings
regarding Meltdown. The analysis of Spectre will follow in a separate
For the technical details of the Meltdown vulnerability the reader is
directed to the associated papers and blog posts .
Meltdown is part of a new attack class which relies on observing side
effects caused by speculative instruction execution by the processor. It
is also referred to as Rogue Data Cache Load (CVE-2017-5754).
For a successful Meltdown attack, three requirements have to be met:
(1) The memory space of the unprivileged attacker contains privileged
memory mappings to which the attacker has no access (U/S bit not
(2) The mappings contain desired information
(3) The attacker can measure the timing effects introduced by its attack
Muen uses VT-x and not ring-0/ring-3 transitions as isolation mechanism
between subjects and the kernel. As VT-x transitions automatically
switch the memory layout between guests and the host, Muen does not use
the User/Supervisor bit in page tables for the enforcement of access
Consequently the precondition (1) for the attack is not met and the Muen
kernel is not vulnerable.
Subjects which internally rely on ring-0/ring-3 transition (e.g. Linux,
Windows) are vulnerable from local attacks unless adequate mitigation is
performed at subject level. E.g. for Linux guests, Kernel Page Table
Isolation (KPTI, formerly KAISER) must be enabled.
Meltdown is defended by our design decision to have a simple
architecture which only utilizes a single isolation mechanism: hardware
virtualization. We prioritized a minimal design over performance
considerations and decided not to use ring-3 in VMX-root mode for native
subjects. Since Meltdown only affects the ring-0/ring-3 isolation
mechanism we were spared from that pit of lava.
The Muen Team
 - meltdownattack.com