Posted on Friday, August 07 2020 @ 10:39 CEST by Thomas De Maesschalck
Some of the security researchers that discovered the Spectre and Meltdown CPU vulnerabilities now report that Intel and the broader computer science world misunderstood the so-called Foreshadow vulnerability. In a new paper, Martin Schwarzl, Thomas Schuster, and Daniel Gruss with Graz University of Technology, and Michael Schwarz, with the Helmholtz Center for Information Security, explain it's still possible to launch attacks against systems that are supposedly fully protected against Foreshadow because attempts to mitigate or patch the bug missed the mark:
"We discovered that effects reported in several academic papers over the past four years were not correctly understood, leading to incorrect assumptions on countermeasures," said Daniel Grus, assistant professor in the Secure Systems group at the Graz University of Technology, in an email to The Register. "The consequence is that we are able to mount a Foreshadow attack on older kernels patched against Foreshadow with all mitigations enabled and on a fully-patched kernel if only Spectre-v2 mitigations are disabled."
Full details
at The Register.
