The past few days have been busy if you’re trying to keep up with the pace of computer security news. Between a serious Chromium bug that’s actively being exploited on Windows 7 systems, the NSA releasing one of their tools as an open source project, and a new Spectre-like speculative execution flaw in Intel processors, there’s a lot to digest.
To discuss “Spoiler”, let’s do a quick refresher on how we got here. Speculative execution is a staple of modern processors, allowing code to be executed out of order, with the results cached until needed. Instructions Per Cycle (IPC) has become an important metric as clock speed has stalled out at the 5 GHz barrier. Speculative execution was dealt a blow when Spectre and Meltdown were announced. The essence of both attacks is that speculative execution has discernible effects. Try to access something you shouldn’t be allowed to see, and with some clever timing attacks against the cache, the protected data is leaked to another process.
Rowhammer is an attack against a machine’s physical memory. Modern memory only holds state for a limited period of time, and needs to be refreshed several times a second. It turns out that flipping nearby bits can cause that state to degrade more quickly. The Rowhammer exploit rapidly flips specific bits in order to affect neighboring RAM, even if those memory addresses belong to different processes. It can change data in places that should be protected. One of the mitigating factors for Rowhammer is that the attacking process needs to understand the physical memory layout. There are various techniques that hide how a process’s memory is mapped to the physical layout, like Kernel Address Space Layout Randomization (KASLR).
Spoiler is a new abuse of speculative execution that leaks information about the physical memory layout, enabling much quicker Rowhammer attacks. The Register was the first to pick up on this story. Intel processors…