dcsimg
Results 1 to 2 of 2
  1. #1
    Junior Member
    Join Date
    Jan 2018
    Posts
    1

    Your CPU might be vulnerable!

    https://www.kb.cert.org/vuls/id/584653

    Hey guys, check out this vulnerability advisory that was just released recently.

    "CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre (also KAISER and KPTI). These attacks are described in detail by Google Project Zero and the Institute of Applied Information Processing and Communications (IAIK) at Graz University of Technology (TU Graz)."

    An attacker is able to execute code with user privileges can achieve various impacts, such as reading otherwise protected kernel memory and bypassing KASLR.

    The only solution is to replace CPU hardware

    The underlying vulnerability is primarily caused by CPU architecture design choices. Fully removing the vulnerability requires replacing vulnerable CPU hardware.

  2. #2
    Junior Member orphicone's Avatar
    Join Date
    Jan 2018
    Location
    Internet
    Posts
    1
    Quote Originally Posted by pdev View Post
    Fully removing the vulnerability requires replacing vulnerable CPU hardware.
    Not entirely true, then again, the only safe way to use the Internet could be argued to un-plug everything.

    Info for your brain-space to follow:

    The CVE Hit-List:
    CVE-2017-5715 - Branch Target Injection Side-Channel Information Disclosure Vulnerability (aka Spectre)

    CVE-2017-5753 - Bounds Check Bypass Side-Channel Information Disclosure Vulnerability (aka Spectre)

    CVE-2017-5754 - Rogue Data Cache Load Side-Channel Information Disclosure Vulnerability (aka Meltdown)


    MS Info:
    https://support.microsoft.com/en-us/...tive-execution


    Overall Good Info:
    https://www.bleepingcomputer.com/new...es-and-updates

    TLDR: It's a crap ton of work mitigating this but you do not have to replace your CPU, unless that is just like your thing.

Similar Threads

  1. FF 3.5.1 Vulnerable
    By nihil in forum Security News
    Replies: 10
    Last Post: July 21st, 2009, 09:50 AM
  2. The Web is more vulnerable than ever
    By Fakeboy in forum Web Development
    Replies: 2
    Last Post: July 12th, 2002, 04:20 PM
  3. IE vulnerable again
    By KOBBRAS in forum Miscellaneous Security Discussions
    Replies: 0
    Last Post: February 12th, 2002, 10:35 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •