朋友圈看到的
昨天的cpu漏洞浮出水面,又是p0的开年杰作-任意虚拟内存读取。
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
Variant 1: bounds check bypass (CVE-2017-5753)
Variant 2: branch target injection (CVE-2017-5715)
Variant 3: rogue data cache load (CVE-2017-5754)
测试过的cpu
Intel(R) Xeon(R) CPU E5-1650 v3 @ 3.50GHz (called “Intel Haswell Xeon CPU” in the rest of this document)
AMD FX(tm)-8320 Eight-Core Processor (called “AMD FX CPU” in the rest of this document)
AMD PRO A8-9600 R7, 10 COMPUTE CORES 4C+6G (called “AMD PRO CPU” in the rest of this document)
An ARM Cortex A57 core of a Google Nexus 5x phone [6] (called “ARM Cortex A57” in the rest of this document)
poc地址
https://github.com/turbo/KPTI-PoC-Collection
引用网址:
https://mp.weixin.qq.com/s?__biz=MzA5MDUwMzM1Nw==&mid=2652481081&idx=1&sn=20a5ed25e6f1e754ed34b218a6bfab74&chksm=8be7a7ebbc902efd64cb1c78f4a1bb4b77cd972e2ff9c5d141b549c5c866564a4baf77c63563&mpshare=1&scene=23&srcid=0104jGvZSegHRcL1Sd3NRyBO#rd
https://meltdownattack.com/