The Market Ticker
User Info It's Operating As Designed (ROFL!); entered at 2018-01-04 11:48:48
Kroyl
Posts: 27
Registered: 2015-11-12
The basic attack works with practically all CPUs, AMD Ryzen included.
https://gist.github.com/ErikAugust/724d4....

Where Intel is different is that on Intel, it can be exploited directly, even across different privilege levels.
On the rest of the CPUs, the attacker has to be able to trick the "victim" code so that it loads (or evicts) interesting data into cache lines.
The data itself is exposed through timing differences after the "victim" code has accessed the data (even speculatively).

This is a very common pattern in lightweight sandboxes (e.g. JavaScript interpreters) - there is no hardware-enforced privilege boundary at all, and the sandbox exposes a lot of surface area to JavaScript code to exploit.
The issue is never going to be completely fixed at the hardware level (it will require disabling out-of-order execution and/or caching).

Sandbox implementers will have to insert "memory barrier" instructions in strategic places (such as after checking the parameters, but before the actual data access).
2018-01-04 11:48:48
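The barrier placement the post describes (after the parameter check, before the data access), as an added example that is not part of the original post or taken from any real sandbox. The names `guest_memory`, `sandbox_load_unfenced`, `sandbox_load_fenced` and `SPEC_BARRIER` are hypothetical, and the memory contents are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>

/* Speculation barrier: the load that follows cannot start until the
 * preceding bounds check has actually resolved. */
#if defined(__x86_64__) || defined(__i386__)
#define SPEC_BARRIER() __asm__ volatile("lfence" ::: "memory")
#elif defined(__aarch64__)
#define SPEC_BARRIER() __asm__ volatile("dsb nsh\n\tisb" ::: "memory")
#else
/* Compiler-only barrier: substitute the target CPU's speculation barrier. */
#define SPEC_BARRIER() __asm__ volatile("" ::: "memory")
#endif

/* Constructed sandbox state: memory the guest script is allowed to read. */
#define GUEST_LEN 16
static uint8_t guest_memory[GUEST_LEN] = {10, 20, 30, 40};

/* "Before": architecturally correct, but the CPU may predict the branch
 * as in-bounds and perform the load speculatively with an out-of-range
 * idx, pulling data outside guest_memory into the cache. */
int sandbox_load_unfenced(size_t idx, uint8_t *out)
{
    if (idx >= GUEST_LEN)
        return -1;
    *out = guest_memory[idx];
    return 0;
}

/* "After": same check, with the barrier between check and access. */
int sandbox_load_fenced(size_t idx, uint8_t *out)
{
    if (idx >= GUEST_LEN)
        return -1;
    SPEC_BARRIER();            /* parameters checked, data not yet touched */
    *out = guest_memory[idx];
    return 0;
}
```

Both functions return the same results; the difference is only in what the CPU may do speculatively before the bounds check retires.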