cpu漏洞&poc

朋友圈看到的

昨天的cpu漏洞浮出水面,又是p0的开年杰作-任意虚拟内存读取。

https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html

Variant 1: bounds check bypass (CVE-2017-5753)

Variant 2: branch target injection (CVE-2017-5715)

Variant 3: rogue data cache load (CVE-2017-5754)

测试过的cpu

Intel(R) Xeon(R) CPU E5-1650 v3 @ 3.50GHz (called "Intel Haswell Xeon CPU" in the rest of this document)

AMD FX(tm)-8320 Eight-Core Processor (called "AMD FX CPU" in the rest of this document)

AMD PRO A8-9600 R7, 10 COMPUTE CORES 4C+6G (called "AMD PRO CPU" in the rest of this document)

An ARM Cortex A57 core of a Google Nexus 5x phone [6] (called "ARM Cortex A57" in the rest of this document)

poc地址

https://github.com/turbo/KPTI-PoC-Collection

微信公众号;me记录

本文由 华盟网 作者:AlexFrankly 发表,其版权均为 华盟网 所有,文章内容系作者个人观点,不代表 华盟网 对观点赞同或支持。如需转载,请注明文章来源。

1

发表评论

// 360自动收录 // 360自动收录