Researchers have demonstrated the “first native Spectre v2 exploit” for a new speculative execution side-channel flaw that impacts Linux systems running on many modern Intel processors. […]

    • henfredemars@infosec.pub · ↑1 · 8 months ago

      I am not sure if this is detailed enough to be helpful, but this gadget is just a small code snippet, usually just a few instructions long, that can be hijacked into doing something useful for an attacker.

        • henfredemars@infosec.pub · ↑2 · 8 months ago

          In the general sense, no. In this case, the researchers were using BPF for part of the work because it’s an easy way to get code running in kernel space, possibly as an unprivileged user if the system is configured to allow this. Many popular distributions restrict this.

          The general concept however is still sound. A big contribution of this work is showing that there isn’t necessarily a dependence on access to BPF. Under some circumstances, it’s still possible to inject branch target history leading to information leaks.

          I apologize if this is a little vague. This is my best understanding.
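The reply above notes that the work leaned on BPF to get code into kernel space, that unprivileged access to it depends on configuration, and that many distributions restrict it. A defender's first question is therefore what the running kernel itself reports. The script below is an added example, not from the thread or from the researchers: it reads the kernel's Spectre v2 status line and the `kernel.unprivileged_bpf_disabled` sysctl (both real Linux paths) and combines them into a posture verdict. The sample strings used in the comments are constructed; the classification helpers take their input as arguments so they can be exercised offline.

```shell
#!/bin/sh
# Added example (not part of the linked article or the thread): audit the
# kernel's own reporting of Spectre v2 mitigation state and the
# unprivileged-BPF policy, then summarise the combination.

SPECTRE_V2_FILE=/sys/devices/system/cpu/vulnerabilities/spectre_v2
UNPRIV_BPF_FILE=/proc/sys/kernel/unprivileged_bpf_disabled

# read_or_default FILE DEFAULT: print the file's first line, or DEFAULT
# when the file is absent or unreadable (non-Linux hosts, containers).
read_or_default() {
    if [ -r "$1" ]; then
        head -n 1 "$1"
    else
        printf '%s\n' "$2"
    fi
}

# bpf_policy VALUE: map kernel.unprivileged_bpf_disabled to a label.
#   0 = unprivileged users may load BPF programs
#   1 = disabled, and cannot be re-enabled without a reboot
#   2 = disabled, but an administrator may switch it back to 0
bpf_policy() {
    case "$1" in
        0) echo "unprivileged-bpf-allowed" ;;
        1) echo "unprivileged-bpf-disabled-locked" ;;
        2) echo "unprivileged-bpf-disabled" ;;
        *) echo "unknown" ;;
    esac
}

# spectre_v2_state TEXT: classify the sysfs status line by its prefix.
# Constructed sample inputs: "Not affected",
# "Mitigation: Enhanced / Automatic IBRS; IBPB: conditional",
# "Vulnerable: Retpoline with unprivileged eBPF".
spectre_v2_state() {
    case "$1" in
        "Not affected"*) echo "not-affected" ;;
        "Mitigation:"*)  echo "mitigated" ;;
        "Vulnerable"*)   echo "vulnerable" ;;
        *)               echo "unknown" ;;
    esac
}

# verdict SPECTRE_TEXT BPF_VALUE: one-line posture summary.
# Unprivileged BPF is flagged for review even when the kernel says
# "Mitigation:", because it widens what an unprivileged user can run in
# kernel context; it is not by itself a statement that the host is exploitable.
verdict() {
    v_state=$(spectre_v2_state "$1")
    v_bpf=$(bpf_policy "$2")
    if [ "$v_state" = "unknown" ] || [ "$v_bpf" = "unknown" ]; then
        echo "UNKNOWN: could not read kernel status (spectre_v2=$v_state, bpf=$v_bpf)"
    elif [ "$v_state" = "vulnerable" ]; then
        echo "HIGH: kernel reports Spectre v2 vulnerable (bpf=$v_bpf)"
    elif [ "$v_bpf" = "unprivileged-bpf-allowed" ]; then
        echo "REVIEW: Spectre v2 $v_state, but unprivileged BPF is allowed"
    else
        echo "OK: Spectre v2 $v_state, $v_bpf"
    fi
}

# main: read the live files (falling back to "unreadable") and report.
main() {
    spectre_line=$(read_or_default "$SPECTRE_V2_FILE" "unreadable")
    bpf_value=$(read_or_default "$UNPRIV_BPF_FILE" "unreadable")
    echo "spectre_v2: $spectre_line"
    echo "unprivileged_bpf_disabled: $bpf_value"
    verdict "$spectre_line" "$bpf_value"
}

main
```

Run it as a regular user; both files are world-readable on stock kernels. A "REVIEW" result is the case the reply describes: mitigations present, but the configuration that made BPF a convenient foothold is still in place, and `sysctl -w kernel.unprivileged_bpf_disabled=1` (or a distribution default that does the same) closes that avenue.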