Fails out to get spectre meltdown

11/9/2023

Out-of-order execution is a performance feature of CPUs that allows for non-sequential execution of machine instructions. Instead of executing machine instructions step by step in the order specified by the program (like old-fashioned CPUs do), CPUs nowadays speed up execution of programs by simultaneously executing several machine instructions of the program, but not necessarily in the order specified by the program (this is called out-of-order execution). Speculative execution takes this concept further, and executes instructions that may actually not have to be executed. The instructions are executed before it is known that they have to be executed (this is done to maximize the utilization of the CPU). The implication is that machine instructions are being executed that ultimately should not have been executed, for example because a conditional branch is taken. The results of these "unnecessary" machine instructions are discarded.

The Spectre and Meltdown vulnerabilities leverage these discarded results. The Spectre vulnerability (CVE-2017-5715 and CVE-2017-5753) is actually a class of vulnerabilities in CPUs that implement speculative execution, and more precisely branch prediction (Meltdown is considered to be a particular case of Spectre). Branch prediction is implemented by the CPU circuits that try to predict which branch of a conditional execution will be executed. The branch with the highest probability of execution is executed via out-of-order execution. Exploiting Spectre relies on the fact that the branch-prediction circuitry can be manipulated (by exploit code) to assign a higher probability to a chosen branch. Spectre exploits will search for branches that access memory that is outside of the security context of the running exploit (hence not allowed to be read), and then manipulate the branch-prediction algorithms to execute these branches out-of-order. But because the results of these instructions are discarded (the branches would not have been executed in a sequential execution), Spectre exploits have to use side-channel attacks to recover the discarded results.

A side effect of out-of-order execution is that memory content is loaded into cache lines. The side-channel attack relies on the timing of instructions to determine what data was loaded into the cache lines: an instruction will execute faster if the data it requires is already in a cache line.

The exploitation of the Meltdown vulnerability (CVE-2017-5754) relies on a privilege escalation vulnerability in Intel CPUs (this privilege escalation vulnerability exists in most Intel CPUs since 1995). An exploit for the Meltdown vulnerability will execute an instruction that causes a trap.
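As an added example (not part of the original post), the bounds-check pattern that CVE-2017-5753 abuses, next to a speculation-safe rewrite; the mask is modelled on the Linux kernel's array_index_mask_nospec, and the victim struct and its values are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed victim: a public buffer followed in memory by a secret that the
 * public accessor must never reveal. Values are placeholders for the example. */
#define PUBLIC_LEN 16
static struct {
    uint8_t public_data[PUBLIC_LEN];
    uint8_t secret[16];
} victim = { .public_data = "0123456789abcdef", .secret = "SECRET-CONSTRUCT" };

/* Bounds-check gadget of the kind CVE-2017-5753 targets: the check is correct
 * architecturally, but while the branch is unresolved the CPU may speculatively
 * run the load with an out-of-range idx (PUBLIC_LEN + 3 lands inside .secret) and
 * bring that byte into the cache. The result is discarded; the cache state is not. */
int read_public_unsafe(size_t idx)
{
    if (idx < PUBLIC_LEN)
        return victim.public_data[idx];
    return -1;
}

/* Mitigation, modelled on the Linux kernel's array_index_mask_nospec: all-ones
 * when idx < size, zero otherwise, computed without a branch. idx | (size-1-idx)
 * has its top bit set exactly when idx >= size (the subtraction wraps); the
 * arithmetic right shift of a negative value is the compiler behaviour relied on. */
static inline size_t index_mask_nospec(size_t idx, size_t size)
{
    return (size_t)(~(intptr_t)(idx | (size - 1 - idx)) >> (sizeof(size_t) * 8 - 1));
}

/* Hardened accessor: on the speculative path an out-of-range index is forced to
 * 0, so the load can only ever touch public_data. */
int read_public_hardened(size_t idx)
{
    if (idx < PUBLIC_LEN) {
        idx &= index_mask_nospec(idx, PUBLIC_LEN);
        return victim.public_data[idx];
    }
    return -1;
}

int main(void)
{
    printf("in-bounds 5 -> '%c'\n", read_public_hardened(5));
    printf("mask(idx=5)  = %#zx\n", index_mask_nospec(5, PUBLIC_LEN));
    printf("mask(idx=19) = %#zx\n", index_mask_nospec(PUBLIC_LEN + 3, PUBLIC_LEN));
    return 0;
}
```

Both accessors return the same architectural results; the difference is only visible on the mispredicted path, which is why the fix is a data dependency rather than another branch.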