Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
myhack58佚名MYHACK58:62201993064
HistoryMar 07, 2019 - 12:00 a.m.

Intel CPU Spoiler vulnerability alerts-a vulnerability alert-the black bar safety net

2019-03-0700:00:00
佚名
www.myhack58.com
78
JSON

Spoiler is the researchers found that the impact of the Intel microprocessor architecture of a speculative attack a speculative attack is a new microprocessor disclosure vulnerability that leaks is about the physical page to the user space process mapping of key information.

Spoiler with 2018 1 on found the Intel Spectre and Meltdown vulnerability is very similar to the Spoiler abuse the Intel chip of the speculative execution to the disclosure of confidential information. The attack target is the processor in the Memory Order Buffer memory sort buffer, the Memory Order Buffer is used to manage memory operations, and Cache relationship very closely. An attacker can abuse Intel CPU’s speculative execution to steal the application running in the secret and other data. The attacker can through the web browser of the tab page to the malicious JS code, running on the system in the malicious software, login users, etc. to extract the memory of the password, key and other data. The attacker can be from the user space in the absence of the elevated situation of vulnerability to abuse.

The vulnerability of the processor includes a first-generation Intel Core processor all Intel processors with theoperating systemand a virtual machine, sandbox environment, etc. are irrelevant.

Spoiler although with the Spectre attack, although similar, but not the same kind of attack, and Intel of the Spectre attack of the solution on the Spoiler is invalid. The researchers think that the software level may not be able to fix the vulnerability, hence the need from the chip level architecture re-design, but the consumption of the performance cost is very large.

Researchers say already in 2018 12 November 1 will be the vulnerability by giving up Intel, but Intel no time for the vulnerability to respond. Currently has been responsible disclosure of the 90-day period, so the researchers will be Papers officially announced.

For more details see the paper Spoiler: Speculative load hazards boost Rowhammer and cache attacks https://arxiv.org/pdf/1903.00446.pdf

JSON