Git-Mirrors/thgtoa
1
0
Fork 0
mirror of https://github.com/Anon-Planet/thgtoa.git synced 2025-02-08 18:58:48 -05:00
Code Issues Packages Projects Releases Wiki Activity

Detail new architectural CPU bug "Downfall" Attacks

Browse Source
This commit is contained in:
nopenothinghere 2023-08-09 12:29:31 -04:00
parent c23dd99036
commit 362853bd2d
Signed by untrusted user who does not match committer: nope
GPG Key ID: 21AB6B6A6CB2C337
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
guide.md
View File

@ -12412,6 +12412,7 @@ Model-specific registers (MSRs) and their configuration bits can also be detecte
- [SQUIP](https://www.nextplatform.com/2022/08/11/squip-side-channel-attack-rattles-amds-zen-cores/) <sup>[[Archive.org]](https://web.archive.org/web/20220812082548/https://www.nextplatform.com/2022/08/11/squip-side-channel-attack-rattles-amds-zen-cores/)</sup> - Scheduler Queue Usage via Interface Probing. All of AMD's Zen CPUs are vulnerable to a medium-severity flaw which can allow threat actors to run side-channel attacks.
- [Hertzbleed](https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html) <sup>[[Archive.org]](https://web.archive.org/web/20220712000058/https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html)</sup> - Deducing cryptographic keys by analyzing power consumption has long been an attack, but its not generally viable because measuring power consumption is often hard. This new attack measures power consumption by measuring time, making it easier to exploit.
- [Retbleed](https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/) <sup>[[Archive.org]](https://web.archive.org/web/20220804151557/https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/)</sup> - Retbleed focuses on return instructions, which are part of the retpoline software mitigation against the speculative execution class of attacks that became known starting early 2018, with Spectre.
- [Downfall](https://downfall.page/) <sup>[[Archive.org]](https://web.archive.org/web/20230809145002/https://downfall.page/)</sup> - Gather Data Sampling (GDS) and Gather Value Injection (GVI) techniques exploit the **gather** instruction to steal information from [SIMD register buffers](https://en.wikipedia.org/wiki/Single_instruction,_multiple_data) and victim processes.
# Appendix B6: Warning for using Orbot on Android