昨天的cpu漏洞浮出水面，又是p0的开年杰作-任意虚拟内存读取。

https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html 

Variant 1: bounds check bypass (CVE-2017-5753)

Variant 2: branch target injection (CVE-2017-5715)

Variant 3: rogue data cache load (CVE-2017-5754)

测试过的cpu

Intel(R) Xeon(R) CPU E5-1650 v3 @ 3.50GHz (called "Intel Haswell Xeon CPU" in the rest of this document)

AMD FX(tm)-8320 Eight-Core Processor (called "AMD FX CPU" in the rest of this document)

AMD PRO A8-9600 R7, 10 COMPUTE CORES 4C+6G (called "AMD PRO CPU" in the rest of this document)

An ARM Cortex A57 core of a Google Nexus 5x phone [6] (called "ARM Cortex A57" in the rest of this document)

poc地址

https://github.com/turbo/KPTI-PoC-Collection

文章出处： me记录

你会喜欢

Intel CPU 曝大 BUG：迫使重新设计 Linux 和 Windows