20180124

Today's CPU vulnerability: what you need to know

【外部リンク】

https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html

Today's CPU vulnerability: what you need to know

January 3, 2018



【外部リンク】

https://blog.google/topics/google-cloud/what-google-cloud-g-suite-and-chrome-customers-need-know-about-industry-wide-cpu-vulnerability/

What Google Cloud, G Suite and Chrome customers need to know about the industry-wide CPU vulnerability

Published Jan 3, 2018

Last year, Google’s Project Zero security team discovered a vulnerability affecting modern microprocessors.



【外部リンク】

https://googleprojectzero.blogspot.jp/2018/01/reading-privileged-memory-with-side.html
We have discovered that CPU data cache timing can be abused to efficiently leak information out of mis-speculated execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts.

Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For a few Intel and AMD CPU models, we have exploits that work against real software. We reported this issue to Intel, AMD and ARM on 2017-06-01 [1].

So far, there are three known variants of the issue:

Variant 1: bounds check bypass (CVE-2017-5753)
Variant 2: branch target injection (CVE-2017-5715)
Variant 3: rogue data cache load (CVE-2017-5754)

【外部リンク】
https://googleprojectzero.blogspot.jp/2014/07/announcing-project-zero.html

Tuesday, July 15, 2014
Announcing Project Zero

--

注目の投稿

cURL error 60: SSL certificate problem: unable to get local issuer certificate

cURL error 60: SSL certificate problem: unable to get local issuer certificate 更新失敗: ダウンロードに失敗しました。 cURL error 60: SSL certificate problem: ...

人気の投稿