salde
Posted August 7, 2020

Foreshadow returns to the foreground: Secrets-spilling speculative-execution Intel flaw lives on, say boffins • The Register
WWW.THEREGISTER.COM
A misunderstanding about the vulnerability means defenses fall short

In a paper slated to be distributed through ArXiv today, Martin Schwarzl, Thomas Schuster, and Daniel Gruss with Graz University of Technology, and Michael Schwarz, with the Helmholtz Center for Information Security, reveal the computer science world has misunderstood the microarchitectural flaw that enables Foreshadow, which can be exploited by malware or a rogue user on a vulnerable system to extract data from supposedly protected areas of memory – such as Intel SGX enclaves, and operating-system kernel and hypervisor addresses...it's still possible to exploit Foreshadow on older kernels that are supposedly mitigated, or on a fully patched kernel that happens to have Spectre variant two protections removed...

"We discovered that effects reported in several academic papers over the past four years were not correctly understood, leading to incorrect assumptions on countermeasures,"...

Thus, if you've used the nospectre_v2 kernel option on your fully-patched Intel-powered Linux server to optimize for speed over security, and think it won't affect your Foreshadow protection, think again: the machine is now vulnerable to Foreshadow...

It also means Foreshadow can potentially affect CPU cores from vendors other than Intel, such as AMD, Arm, and IBM, and that the effects can be triggered by malicious JavaScript in a browser window, though fairly slowly based on the scenarios described in the paper.

The good news is that there is a defense against the Foreshadow L3 attack described in the paper: implementing the Spectre-BTB (Branch Target Buffer) countermeasures...
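A defender-side check for the configuration the quoted article warns about, as an added example that is not part of the original post or of The Register's article. It assumes a Linux host exposing `/proc/cmdline` and `/sys/devices/system/cpu/vulnerabilities/spectre_v2`; the function names are hypothetical, the sample inputs are constructed, and it goes beyond the `nospectre_v2` option named above by also matching the `spectre_v2=off` and `mitigations=off` kernel parameters.

```shell
#!/bin/sh
# Added example: flag hosts where Spectre v2 (Spectre-BTB) mitigations are off,
# the condition the article says leaves Foreshadow exploitable.

# cmdline_disables_v2 "<kernel cmdline>": succeeds if a boot parameter turns
# the Spectre v2 mitigation off. Runs in a subshell so 'set -f' stays local.
cmdline_disables_v2() (
    set -f                      # no glob expansion while word-splitting $1
    for arg in $1; do
        case "$arg" in
            nospectre_v2|spectre_v2=off|mitigations=off) exit 0 ;;
        esac
    done
    exit 1
)

# btb_verdict "<kernel cmdline>" "<spectre_v2 sysfs status>": prints one of
# AT-RISK / OK / UNKNOWN followed by the reason.
btb_verdict() {
    if cmdline_disables_v2 "$1"; then
        echo "AT-RISK: Spectre v2 mitigation disabled on the kernel command line"
        return 0
    fi
    case "$2" in
        Vulnerable*)    echo "AT-RISK: kernel reports Spectre v2 unmitigated" ;;
        Mitigation*)    echo "OK: kernel reports a Spectre v2 mitigation" ;;
        "Not affected") echo "OK: kernel reports CPU not affected" ;;
        *)              echo "UNKNOWN: no usable spectre_v2 status" ;;
    esac
}

# audit_host: evaluate the live system (Linux paths, assumed present).
audit_host() {
    cmdline=$(cat /proc/cmdline 2>/dev/null)
    status=$(cat /sys/devices/system/cpu/vulnerabilities/spectre_v2 2>/dev/null)
    btb_verdict "$cmdline" "$status"
}

# Constructed sample inputs (not captured from a real machine).
SAMPLE_FAST="BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet nospectre_v2"
SAMPLE_SAFE="BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet"
btb_verdict "$SAMPLE_FAST" "Vulnerable"
btb_verdict "$SAMPLE_SAFE" "Mitigation: Retpolines"
```

Call `audit_host` on a server to evaluate its live boot parameters and sysfs status.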