Reading privileged memory with a side-channel
Posted by Jann Horn, Project Zero
Wednesday, January 3, 2018
We have discovered that CPU data cache timing can be abused to efficiently leak
information out of mis-speculated execution, leading to (at worst) arbitrary
virtual memory read vulnerabilities across local security boundaries in various
contexts.
Variants of this issue are known to affect many modern processors, including
certain processors by Intel, AMD and ARM. For a few Intel and AMD CPU models,
we have exploits that work against real software. We reported this issue to
Intel, AMD and ARM on 2017-06-01 [1].
So far, there are three known variants of the issue:
Variant 1: bounds check bypass (CVE-2017-5753)
Variant 2: branch target injection (CVE-2017-5715)
Variant 3: rogue data cache load (CVE-2017-5754)
Before the issues described here were publicly disclosed, Daniel Gruss, Moritz
Lipp, Yuval Yarom, Paul Kocher, Daniel Genkin, Michael Schwarz, Mike Hamburg,
Stefan Mangard, Thomas Prescher and Werner Haas also reported them; their
[writeups/blogposts/paper drafts] are at:
Spectre (variants 1 and 2)
Meltdown (variant 3)
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html