Slashdot Mirror


How a Researcher Hacked His Own Computer and Found One of the Worst CPU Bugs Ever Found (reuters.com)

Reuters tells the story of how Daniel Gruss, a 31-year-old information security researcher and post-doctoral fellow at Austria's Graz Technical University, hacked his own computer and exposed a flaw in most of the Intel chips made in the past two decades. Prior to his discovery, Gruss and his colleagues Moritz Lipp and Michael Schwarz had thought such an attack on the processor's "kernel" memory, which is meant to be inaccessible to users, was only theoretically possible. From the report: "When I saw my private website addresses from Firefox being dumped by the tool I wrote, I was really shocked," Gruss told Reuters in an email interview, describing how he had unlocked personal data that should be secured. Gruss, Lipp and Schwarz, working from their homes on a weekend in early December, messaged each other furiously to verify the result. "We sat for hours in disbelief until we eliminated any possibility that this result was wrong," said Gruss, whose mind kept racing even after powering down his computer, so he barely caught a wink of sleep.

Gruss and his colleagues had just confirmed the existence of what he regards as "one of the worst CPU bugs ever found." The flaw, now named Meltdown, was revealed on Wednesday and affects most processors manufactured by Intel since 1995. Separately, a second defect called Spectre has been found that also exposes core memory in most computers and mobile devices running on chips made by Intel, Advanced Micro Devices (AMD) and ARM Holdings, a unit of Japan's Softbank.

3 of 138 comments

  1. AMD bug only affects THE SAME PROCESS, unlike Inte by Anonymous Coward · Score: 2, Informative

    Intel PR monkeys are trying to take AMD down with them, let's make this clear:

    Of the 3 bugs, the biggest one only affects Intel CPUs; for bugs 2 and 3:

    AMD bug only affects THE SAME PROCESS, unlike Intel, which allows exploits to cross processes:

    https://googleprojectzero.blog...

    As shown, AMD was only vulnerable to "the ability to read data inside mis-speculated execution within the same process, without crossing any privilege boundaries."

  2. Re: Three independent teams found bug at same time by Anonymous Coward · Score: 2, Informative

    I encountered an only slightly older blog post where somebody demonstrates that speculative execution causes cache line reads. He claims no security hole and that the negative result is interesting because of how close he got. On reading it I had enough to develop the rest.

    Anders Fogh deserves the real credit. https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/

  3. Re: AMD bug only affects THE SAME PROCESS, unlike by aod7br7932 · Score: 4, Informative

    AMD is NOT vulnerable to Meltdown. AMD already responded that their permission bits are checked BEFORE issuing instructions so kernel memory isn't readable, even speculatively.