BlindSide: New Speculative Execution Attack effective against Intel CPUs up to Whiskey Lake & AMD's Zen+/Zen2 on Linux with latest mitigations enabled.


unRate

Given a simple buffer overflow in the kernel and no additional info leak vulnerability, BlindSide can mount BROP-style attacks in the speculative execution domain to repeatedly probe and de-randomize the kernel address space, craft arbitrary memory read gadgets, and enable reliable exploitation.


Quote

In addition to the Intel Whiskey Lake CPU in our evaluation, we confirmed similar results on Intel Xeon E3-1505M v5, Xeon E3-1270 v6 and Core i9-9900K CPUs, based on the Skylake, Kaby Lake and Coffee Lake microarchitectures, respectively, as well as on AMD Ryzen 7 2700X and Ryzen 7 3700X CPUs, which are based on the Zen+ and Zen2 microarchitectures. Overall, our results confirm speculative probing is effective on a modern Linux system on different microarchitectures, hardened with the latest mitigations.


Project: https://www.vusec.net/projects/blindside/

Paper: https://download.vusec.net/papers/blindside_ccs20.pdf
