[Info-vax] Intel x86-64 Processor Design Security Vulnerability?
Johann 'Myrkraverk' Oskarsson
johann at myrkraverk.invalid
Thu Jan 4 02:42:43 EST 2018
Derrell Piper wrote:
> I don't know what that site is, and I don't find it particularly
> interesting either. Any technical discussions about this bug are
> welcome here. Please leave your hype at the door.
I haven't looked at the other site, and this is a technical summary
of the CPU flaws and security issues.
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
It starts with
Reading privileged memory with a side-channel
Posted by Jann Horn, Project Zero
We have discovered that CPU data cache timing can be abused to
efficiently leak information out of mis-speculated execution, leading
to (at worst) arbitrary virtual memory read vulnerabilities across
local security boundaries in various contexts.
Variants of this issue are known to affect many modern processors,
including certain processors by Intel, AMD and ARM. For a few Intel
and AMD CPU models, we have exploits that work against real software.
We reported this issue to Intel, AMD and ARM on 2017-06-01 [1].
In particular, Red Hat has stated the vulnerability also affects other
architectures like IBM System Z and Power 8 and 9. It is almost certain
similar issues affect Itanium and probably Alpha and hence VMS.
--
Johann | email: invalid -> com | www.myrkraverk.com/blog/
I'm not from the Internet, I just work there. | twitter: @myrkraverk
More information about the Info-vax
mailing list