Exploits: BlindSide SpecEx Attacks
grarpamp
grarpamp at gmail.com
Sun Sep 13 19:40:05 PDT 2020
- Previous message (by thread): [gilmay97 at gmail.com: A Story]
- Next message (by thread): Earth: Wildlife In Catastrophic Decline Due To Human Destruction
https://download.vusec.net/papers/blindside_ccs20.pdf
https://www.youtube.com/watch?v=m-FUIZiRN5o
BlindSide allows attackers to “hack blind” in the Spectre era. That
is, given a simple buffer overflow in the kernel and no additional
info leak vulnerability, BlindSide can mount BROP-style attacks in the
speculative execution domain to repeatedly probe and derandomize the
kernel address space, craft arbitrary memory read gadgets, and enable
reliable exploitation. This works even in the face of strong randomization
schemes, e.g., the recent FGKASLR or fine-grained schemes based on
execute-only memory, and state-of-the-art mitigations against Spectre
and other transient execution attacks.