(2023) Reviving Meltdown 3a.
Text
meltdown3a_esorics23.pdf - Published Version Download (555kB) |
Abstract
Since the initial discovery of Meltdown and Spectre in 2017, different variants of these attacks have been discovered. One often overlooked variant is Meltdown 3a, also known as Meltdown-CPL-REG. Even though Meltdown-CPL-REG was initially discovered in 2018, the available information regarding the vulnerability is still sparse. In this paper, we analyze Meltdown-CPL-REG on 19 different CPUs from different vendors using an automated tool. We observe that the impact is more diverse than documented and differs from CPU to CPU. Surprisingly, while the newest Intel CPUs do not seem affected by Meltdown-CPL-REG, the newest available AMD CPUs (Zen3+) are still affected by the vulnerability. Furthermore, given our attack primitive CounterLeak, we show that besides up-to-date patches, Meltdown-CPL-REG can still be exploited as we reenable performance-counter-based attacks on cryptographic algorithms, break KASLR, and mount Spectre attacks. Although Meltdown-CPL-REG is not as powerful as other transient-execution attacks, its attack surface should not be underestimated.
Item Type: | Conference or Workshop Item (A Paper) (Paper) |
---|---|
Divisions: | Michael Schwarz (MS) |
Conference: | ESORICS European Symposium On Research In Computer Security |
Depositing User: | Michael Schwarz |
Date Deposited: | 17 Aug 2023 09:55 |
Last Modified: | 12 Sep 2023 07:38 |
Primary Research Area: | NRA3: Threat Detection and Defenses |
URI: | https://publications.cispa.saarland/id/eprint/4010 |
Actions
Actions (login required)
View Item |