Speculative Execution Vulnerability

In January 2018 a new class of vulnerabilities were discovered in speculative execution. They were termed Spectre and Meltdown. Adding to this list, two new vulnerabilities have been disclosed. They affect Intel,ARM and AMD processors. Please refer to their respective advisories for affected processor models. Rogue System Register Read: A new subvariant of Rogue Data Cache … Continue reading “Speculative Execution Vulnerability”

Mishandling of Debug Exceptions Leading to Elevation of Privilege : CVE-2018-8897

An elevation of privilege attack was discovered in the stack change mechanism in Intel and AMD. On exploitation an attacker can execute user level code in kernel context or cause DoS. The vulnerability resulted due to misinterpretation of the documents describing the stack change process. CVE-2018-8897 has been assigned to track this vulnerability. The researchers … Continue reading “Mishandling of Debug Exceptions Leading to Elevation of Privilege : CVE-2018-8897”

Vulnerabilities in AMD Processors RYZEN and EPYC

Various vulnerabilities have been discovered in AMD’s Zen architecture based processors – Ryzen and EPYC. Ryzen processors are aimed towards workstations, laptops and mobiles and EPYC is geared towards servers. The vulnerabilities have been discovered by CTS-Labs, they claim that attackers can exploit these vulnerabilities to : Inject malicious code in to the chip itself. … Continue reading “Vulnerabilities in AMD Processors RYZEN and EPYC”

Out-of-Order Execution Side-Channel attack [Spectre/Meltdown]

A flaw in Out-of-Order execution mechanism allows user level programs to leak addresses of kernel and process memory space. This vulnerability can be exploited to bypass KASLR as well as CPU security features like SMAP,SMEP,NX and PXN. It can be exploited to bypass OS process isolation. The issue affects processors from Intel, AMD ,ARM, Samsung and … Continue reading “Out-of-Order Execution Side-Channel attack [Spectre/Meltdown]”