cross privilege side-channel attack
Predrag Punosevac
predragp at andrew.cmu.edu
Sat Aug 10 10:59:31 EDT 2019
Hi Autonians,
I hope all of you are out on the fresh air and that you will not be
reading this email before Monday. Goodfellas from Intel have screwed
up again. Intel CPUs have another cross privilege side-channel attack.
(SWAPGS)
https://threatpost.com/new-swapgs-side-channel-attack-bypasses-spectre-and-meltdown-defenses/147034/
Our perimeter machines, all of which are of course powered by OpenBSD
(sorry Ubuntu guys that I have to hurt your feelings), have already
been patched. Due to the fact that machines had to be rebooted OpenVPN
daemons on all shell gateways and desktops had to be restarted which
could be perceived as a network interruption.
In the case you wonder this is the second privilege hole discovered in
two months.
Hint: Google Intel CPUs have a cross privilege side-channel attack (MDS).
At this point I don't even bother patching other OSs (I am not even
sure that they came up with patches) as they still support
hyperthreding which is highly unsafe and should not be enabled on
mission critical machines.
Cheers,
Predrag
More information about the Autonlab-users
mailing list