
"Academic researchers from Vrije Universiteit Amsterdam have demonstrated that transient execution CPU vulnerabilities are practical to exploit in real-world scenarios to leak memory from VMs running on public cloud services. The research shows that L1TF (L1 Terminal Fault), also known as Foreshadow, a bug in Intel processors reported in January 2018, and half-Spectre, gadgets believed unexploitable on new-generation CPUs, as they cannot directly leak secret data, can be used together to leak data from the public cloud."
"Last month, the academics reported L1TF Reloaded (PDF), a vulnerability that combines L1TF and half-Spectre to bypass commonly deployed software mitigations and leak sensitive data from the hypervisor and a co-tenant on Google Cloud. Using a novel technique based on pointer chasing through the host and guest, we leak all information required to manually perform two-dimensional page table walks in software; with this, we can translate arbitrary virtual guest addresses to host physical addresses, enabling the leakage of any byte in the memory of the victim via L1TF,"
L1TF (L1 Terminal Fault), also called Foreshadow, is an Intel CPU bug disclosed in January 2018 that can expose secret data cached by the CPU. Half-Spectre gadgets that cannot directly leak secrets on new CPUs can be combined with L1TF to bypass software mitigations. The combined exploit, L1TF Reloaded, uses pointer-chasing through host and guest to reconstruct two-dimensional page table walks, translate guest virtual addresses to host physical addresses, and read arbitrary bytes of victim memory via L1TF. The attack is practical in public clouds because cloud environments effectively provide the execution capabilities needed to trigger the vulnerability.
Read at SecurityWeek