Sujet : Re: YASV (Yet Another Security Vulnearability)
De : anton (at) *nospam* mips.complang.tuwien.ac.at (Anton Ertl)
Groupes : comp.archDate : 25. Jul 2024, 11:48:28
Autres entêtes
Organisation : Institut fuer Computersprachen, Technische Universitaet Wien
Message-ID : <2024Jul25.124828@mips.complang.tuwien.ac.at>
References : 1
User-Agent : xrn 10.11
Thomas Koenig <
tkoenig@netcologne.de> writes:
This time, it's "Indirector".
>
https://thehackernews.com/2024/07/new-intel-cpu-vulnerability-indirector.html
This article is devoid of any useful information, except that if one
looks closely, one finds a link to the page by the authors of the
work:
https://indirector.cpusec.org/My understanding is that it actually is not a new vulnerability, but
instead more work on Spectre v2: They reverse engineered how indirect
branch predictors and BTBs work in current Intel processors. In the
page, they write that they used this knowledge "to breach security
boundaries across diverse scenarios". OTOH, Intel claims that "no new
mitigations or guidance is required"
<
https://www.intel.com/content/www/us/en/security-center/announcement/intel-security-announcement-2024-07-02-001.html>.
- anton
-- 'Anyone trying for "industrial quality" ISA should avoid undefined behavior.' Mitch Alsup, <c17fcd89-f024-40e7-a594-88a85ac10d20o@googlegroups.com>