2025-02-26 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)11/24 Report--
CTOnews.com, April 25 (Xinhua)-- Cyber security researchers at the University of Maryland and Tsinghua University, as well as a laboratory at Beijing University of Posts and Telecommunications, have discovered a side-channel attack vulnerability in Intel CPUs, similar to Meltdown, which could lead to sensitive data disclosure.
In a paper published on arXiv.org, the team says the attack exploits a flaw in transient execution which "makes it possible to extract secret data from the user's memory space through timing analysis." Changes to the EFLAGS register during transient execution can affect the timing of conditional jump (JCC) instructions.
CTOnews.com note: the EFLAGS register mentioned here is generally described as a "status register containing the current state of x86 CPU", while JCC is a "CPU instruction that allows conditional branching" based on the contents of the EFLAGS register.
Put simply, exploiting this vulnerability means first triggering transient execution that encodes the secret data through the EFLAGS register, and then measuring the execution time of the JCC instruction to recover the contents of the encoded data.
▲ Attack overview (source: arxiv.org)

The researchers tested this vulnerability on a variety of chips and found it "100% successful" on the i7-6700 and i7-7700 and "partially successful" on the i9-10980XE (the test platform ran Ubuntu 22.04 jammy with Linux kernel version 5.15.0).

▲ Pseudocode for the timing transient execution attack (source: arxiv.org)

The researchers found that the attack needs to be run thousands of times to achieve greater consistency on the new chip, but they do not know what causes the bug.
"In our experiments, we found that the effect of EFLAGS registers on the execution time of Jcc instructions is not as lasting as the cache state," the researchers noted. "Jcc execution time will not build side channels for about 6-9 cycles after transient execution. As a rule of thumb, attacks need to be repeated thousands of times to achieve higher accuracy."
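
A small simulation shows why a weak timing difference has to be sampled thousands of times, and why added timing noise raises that cost quadratically. This is an added example, not code from the paper or from the original article; the latency, signal and noise values are constructed assumptions and no real CPU is measured.

```python
import math
import random
import statistics

# All values are constructed for illustration; none come from the paper.
BASE_CYCLES = 40.0    # assumed mean Jcc latency
SIGNAL_CYCLES = 1.0   # assumed latency shift when the flag state differs
NOISE_SD = 12.0       # assumed measurement jitter (standard deviation)
THRESHOLD = BASE_CYCLES + SIGNAL_CYCLES / 2


def measure(bit, rng):
    """One simulated timing sample for a secret-dependent bit."""
    return rng.gauss(BASE_CYCLES + SIGNAL_CYCLES * bit, NOISE_SD)


def decode(bit, repeats, rng):
    """Average repeated samples and compare the mean with the midpoint."""
    mean = statistics.fmean(measure(bit, rng) for _ in range(repeats))
    return int(mean > THRESHOLD)


def accuracy(repeats, trials=200, seed=1):
    """Fraction of random bits decoded correctly with `repeats` samples each."""
    rng = random.Random(seed)  # fixed seed keeps the run reproducible
    hits = 0
    for _ in range(trials):
        bit = rng.getrandbits(1)
        hits += decode(bit, repeats, rng) == bit
    return hits / trials


def repeats_needed(noise_sd, z=2.6):
    """Samples needed so the averaged mean sits z standard errors from the
    threshold; grows with the square of noise_sd / signal."""
    return math.ceil((z * noise_sd / (SIGNAL_CYCLES / 2)) ** 2)


if __name__ == "__main__":
    for n in (1, 100, 4000):
        print(f"{n:>5} repeats -> accuracy {accuracy(n):.2f}")
    print("repeats needed at noise 12:", repeats_needed(12.0))
    print("repeats needed at noise 24:", repeats_needed(24.0))
```

Doubling the jitter in this model roughly quadruples the number of measurements required, which is the reasoning behind mitigations that coarsen timers or add timing noise.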