LVI

By: Anon (delete.delete@this.this.forum.com), March 10, 2020 5:18 pm
Room: Moderated Discussions
hobold (hobold.delete@this.vectorizer.org) on March 10, 2020 12:57 pm wrote:
> anonymou5 (no.delete@this.spam.com) on March 10, 2020 10:11 am wrote:
> > LVI - Hijacking Transient Execution with Load Value Injection
> >
> > https://lviattack.eu/
> > https://lviattack.eu/lvi.pdf
> >
> > (site is up, but pdf isn't yet, it seems)
>
> c't magazin has a tiny bit of information up on their newsticker. Presumably, aliasing
> false cache hits are used to slip forged data to loads across a protection boundary.
>
> At least it's something new this time. Oh, and no breathless comments this time
> about this being Intel only. So maybe it really is a new class of attack.

The paper is available, they found that it is (for now) only an issue on Intel, and primarily only within SGX. There's explicit line in the paper mentioning the `some Arm and AMD CPUs` do not allow invalid data to be forwarded to consumers, even if zero'd out or dummy'd.
< Previous Post in Thread 
TopicPosted ByDate
LVIanonymou52020/03/10 09:11 AM
  LVIhobold2020/03/10 11:57 AM
    LVIAnon2020/03/10 05:18 PM
Reply to this Topic
Name:
Email:
Topic:
Body: No Text
How do you spell avocado?