September 11, 20205 yr Given a simple buffer overflow in the kernel and no additional info leak vulnerability, BlindSide can mount BROP-style attacks in the speculative execution domain to repeatedly probe and de-randomize the kernel address space, craft arbitrary memory read gadgets, and enable reliable exploitation. Quote In addition to the Intel Whiskey Lake CPU in our evaluation,we confirmed similar results on Intel Xeon E3-1505M v5, XeonE3-1270 v6 and Core i9-9900K CPUs, based on the Skylake, KabyLake and Coffee Lake microarchitectures, respectively, as well ason AMD Ryzen 7 2700X and Ryzen 7 3700X CPUs, which are basedon the Zen+ and Zen2 microarchitectures. Overall, our results con-firm speculative probing is effective on a modern Linux system ondifferent microarchitectures, hardened with the latest mitigations Project: https://www.vusec.net/projects/blindside/ Paper: https://download.vusec.net/papers/blindside_ccs20.pdf Edited September 11, 20205 yr by unRate
Archived
This topic is now archived and is closed to further replies.