【外部リンク】
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
Today's CPU vulnerability: what you need to know
January 3, 2018
【外部リンク】
https://blog.google/topics/google-cloud/what-google-cloud-g-suite-and-chrome-customers-need-know-about-industry-wide-cpu-vulnerability/
What Google Cloud, G Suite and Chrome customers need to know about the industry-wide CPU vulnerability
Published Jan 3, 2018
Last year, Google’s Project Zero security team discovered a vulnerability affecting modern microprocessors.
【外部リンク】
https://googleprojectzero.blogspot.jp/2018/01/reading-privileged-memory-with-side.html
We have discovered that CPU data cache timing can be abused to efficiently leak information out of mis-speculated execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts.
Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For a few Intel and AMD CPU models, we have exploits that work against real software. We reported this issue to Intel, AMD and ARM on 2017-06-01 [1].
So far, there are three known variants of the issue:
Variant 1: bounds check bypass (CVE-2017-5753)
Variant 2: branch target injection (CVE-2017-5715)
Variant 3: rogue data cache load (CVE-2017-5754)
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
Today's CPU vulnerability: what you need to know
January 3, 2018
【外部リンク】
https://blog.google/topics/google-cloud/what-google-cloud-g-suite-and-chrome-customers-need-know-about-industry-wide-cpu-vulnerability/
What Google Cloud, G Suite and Chrome customers need to know about the industry-wide CPU vulnerability
Published Jan 3, 2018
Last year, Google’s Project Zero security team discovered a vulnerability affecting modern microprocessors.
【外部リンク】
https://googleprojectzero.blogspot.jp/2018/01/reading-privileged-memory-with-side.html
We have discovered that CPU data cache timing can be abused to efficiently leak information out of mis-speculated execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts.
Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For a few Intel and AMD CPU models, we have exploits that work against real software. We reported this issue to Intel, AMD and ARM on 2017-06-01 [1].
So far, there are three known variants of the issue:
Variant 1: bounds check bypass (CVE-2017-5753)
Variant 2: branch target injection (CVE-2017-5715)
Variant 3: rogue data cache load (CVE-2017-5754)
【外部リンク】
https://googleprojectzero.blogspot.jp/2014/07/announcing-project-zero.html
Tuesday, July 15, 2014
Announcing Project Zero
