Not sure if I get attacked more than the average person (it seems to me I should be a boring target for either criminal or state attackers) or if there is widespread (psychological) denial. Every Intel and AMD processor I have is attacked remotely almost every day. And it is very easily exploited remotely.

Based on the assumption that branch predictor state is shared between hyperthreads, we wrote a program of which two instances are each pinned to one of the two logical processors running on a specific physical core, where one instance attempts to perform branch injections while the other measures how often branch injections are successful. Both instances were executed with ASLR disabled and had the same code at the same addresses. The injecting process performed indirect calls to a function that accesses a (per-process) test variable; the measuring process performed indirect calls to a function that tests, based on timing, whether the per-process test variable is cached, and then evicts it using CLFLUSH. Both indirect calls were performed through the same callsite. Before each indirect call, the function pointer stored in memory was flushed out to main memory using CLFLUSH to widen the speculation time window. Additionally, because of the reference to "recent program behavior" in Intel's optimization manual, a bunch of conditional branches that are always taken were inserted in front of the indirect call. Several AMD FX and at least one APU are affected.