Sujet : Re: Uh Oh - NEW Data Leak Found in Intel Processors
De : invalid (at) *nospam* invalid.invalid (Richard Kettlewell)
Groupes : comp.os.linux.miscDate : 24. May 2025, 11:08:36
Autres entêtes
Organisation : terraraq NNTP server
Message-ID : <wwv8qmmtj6j.fsf@LkoBDZeT.terraraq.uk>
References : 1 2 3 4
User-Agent : Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
c186282 <
c186282@nnada.net> writes:
On 5/22/25 4:16 PM, Richard Kettlewell wrote:
I don’t think that’s correct. The BPRC attack breaches user/kernel,
guest/host and application-internal boundaries (i.e. it undermines
IBPB). Much wider impact than cloud service providers.
https://comsec.ethz.ch/wp-content/files/bprc_sec25.pdf
is the full paper.
>
Theoretically true. In PRACTICE however, it's a kinda
difficult breech technique - so expect it to be almost
entirely confined to "big"/"important" targets.
Read the paper. The user/kernel version of the exploit is not
theoretical; they built it. The data leakage rate quoted is based on
measurement, not analysis.
"Home", "smaller biz", nope.
That’s rather naive. Domestic users are absolutely a target. For example
when building a botnet the ownership of the endpoints is totally
irrelevant - it’s all about quantity, not quality.
STILL needs to be fixed ... but can EXISTING
chips be fixed without trashing performance ?
Read the paper, they quote the performance cost of mitigations.
-- https://www.greenend.org.uk/rjk/
Re: Uh Oh - NEW Data Leak Found in Intel Processors
Re: Uh Oh - NEW Data Leak Found in Intel Processors