Spectre variant 2 has the same impact as variant 1 but uses a different exploitation technique called branch target injection. The vulnerability affects Intel, IBM and a limited number of ARM CPUs. It allows one process to extract sensitive information from the memory of another process but could also bypass the user/kernel memory privilege boundary.

Hertzbleed – CVE-2022-23823 and CVE-2022-24436

Also known as bounds check bypass, CVE-2017-5753 allows attackers to exploit the branch prediction feature of modern CPUs to extract information from the memory of other processes by using the CPU cache as a side channel.

Spectre-BTB-SA-IP and Spectre-BTB-SA-OP.

Spectre-PHT-CA-OP, Spectre-PHT-CA-IP and Spectre-PHT-SA-OP.

Here are some of the most significant hardware-related vulnerabilities, discovered both before and after Meltdown:

In either case, patching is not straightforward, so such flaws can continue to impact real world devices for a very long time. Some hardware vulnerabilities are impossible to mitigate completely without releasing a new generation of components, while others can be fixed in firmware, the low-level programming present in hardware chips. Since then, many researchers, both from academia and the private sector, have been studying the low-level operation of CPUs and other hardware components and have been uncovering more and more issues. Meltdown and Spectre were certainly not the first vulnerabilities to result from a hardware design decision, but their widespread impact sparked the interest of the security research community into such flaws. The flaws stemmed from a performance feature of modern CPUs known as speculative execution and mitigating them required one of the biggest patch coordination efforts in history, involving CPU makers, device manufacturers and operating system vendors.
Yes you can have an unsafe CPU, as all Intel CPUs virtually are now, by designing the CPU to completely disregard security checks that the OS assumes are in place because the designer falsely claims they are.

In January 2018, the entire computer industry was put on alert by two new processor vulnerabilities dubbed Meltdown and Spectre that defeated the fundamental OS security boundaries separating kernel and user space memory.

I totally disagree with this, and you really should read Linus Torvalds's response to Intel's excuse of a statement to hear why in much better words than I could personally explain it: But once you can do that, you have full control anyway. Also, just like any other vulnerability, you need a way to execute code on the affected machine. In this case, the OS relies too much on hardware functions (see the Infineon TPM debacle not long ago - same story but already forgotten) instead of doing things right. A CPU per se can not be safe or unsafe, that task is up to the OS.

However, this is something again made up by the media.

Reply 11 of 151, by gerwin

Every CPU with out-of-order execution is affected (early Atoms for example not, so "any Intel CPU made after 1995" is plain wrong).

It's all bad karma which is why I have gone back to trusty DOS on my 486dx2. Other bugs have to do with out of order and speculative execution, which apparently can result in something horrendous like triggering arbitrary code execution in the context of another process. That is just me being silly, but seriously: does it actually work that way? Does the bug require branch prediction to be active?

Branch prediction triggers preemptive loads of potentially privileged addresses, it is the first chink in the armour.

That way Vogons enthusiasts will be the last humans to browse the internets with immunity.
Vogons - Milliways: Intel CPU design flaw - Kernel-memory-leaking

Because I saw this coming some years ago, I developed SetMul to turn off branch prediction in Pentium and Pentium MMX processors.

Here is the same topic but not restricted to older Hardware:

Vogons - Milliways: Intel CPU design flaw - Kernel-memory-leaking

Gerwin wrote: Here is the same topic but not restricted to older Hardware: