CROSSTalk: the first MDS cross-core attack

栏目: IT技术 · 发布时间: 4年前

Am I potentially affected by the vulnerability?

If you’re using an Intel CPU, it’s quite likely. Intel’s higher-end server CPUs don’t appear to be vulnerable, and some of the very latest Intel CPUs aren’t vulnerable to MDS/TAA. You can find a list of the Intel CPUs we tested in Table 2 above.

How do I mitigate the vulnerability?

We recommend installing Intel’s latest microcode, which includes the mitigation against SRBDS for RNG output and SGX keys. This is usually distributed through the standard software update mechanism.

Is this really a “new” vulnerability?

Strictly speaking, in CVE parlance, yes. At the same time, the underlying issue stems from the original RIDL (aka MDS) class of vulnerabilities, except the source of leakage is now a previously undocumented (staging) buffer. Since the buffer is shared across CPU cores, the vulnerability enables cross-core transient execution attacks for the first time.

Am I affected if SMT (hyperthreading) is disabled?

Yes. Our cross-core attack does not rely on SMT. In fact, as you can see in Table 2, our attack works on an Intel Xeon E3-1220V6 (Kaby Lake) CPU which does not support SMT at all.

Am I affected if I am not running applications in Intel SGX?

In theory, yes. The underlying vulnerability enables cross-core leaks of some data – like RNG output – between arbitrary applications. However, Intel SGX enclaves are more amenable to practical exploitation, since attackers can easily slow down the execution of the victim and control the leakage. We expect practical exploitation beyond Intel SGX enclaves to be more difficult but not impossible.

Can I use the logo?

The logo is free to use, rights waived via …. ah, no, wait, we don’t have a logo, but if you really insist you can grab one here .

What’s with the lengthy 21-months embargo?

We do not take long embargoes lightly, as we believe a short (ideally 90-day) vulnerability disclosure period is a good balance between giving vendors sufficient time to mitigate a vulnerability and informing the public early. Our original report (Sep 2018) only described same-core (CPUID) leaks and we did not discuss this PoC further with Intel until July 2019, when we reported that we had reproduced cross-core leaks for a number of instructions including RDRAND. Up to that point, we had not investigated thoroughly the implications of the attack (and, apparently, neither had Intel). We recognize the complexity of fixing bugs like this one, but as we made clear in the past , Intel should have fixed the MDS vulnerability – and dealt with our reported PoCs – properly from the outset, rather than play whac-a-mole with its symptoms. 


以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

第二曲线:跨越“S型曲线”的二次增长

第二曲线:跨越“S型曲线”的二次增长

[英]查尔斯·汉迪(Charles Handy) / 苗青 / 机械工业出版社 / 2017-6 / 49.00

S型曲线是每个组织和企业在预测未来时一定会参考的工具,一切事物的发展都逃不开S型曲线(“第一曲线”)。 然而,从公司组织、企业治理、市场的变化,到个人职业发展、社会人际关系以及未来的教育与社会价值,多维度地探讨这个世界需要重新以不同的角度来思考问题,不能够总是停留在“第一曲线”的世界。 如果组织和企业能在第一曲线到达巅峰之前,找到带领企业二次腾飞的“第二曲线”,并且第二曲线必须在第一曲......一起来看看 《第二曲线:跨越“S型曲线”的二次增长》 这本书的介绍吧!

HTML 编码/解码
HTML 编码/解码

HTML 编码/解码

Base64 编码/解码
Base64 编码/解码

Base64 编码/解码

SHA 加密
SHA 加密

SHA 加密工具