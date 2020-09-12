erek
Supreme [H]ardness · Joined Dec 19, 2005 · 6,268 messages
"From a single buffer overflow in the kernel, researchers claim three BlindSide exploits are able to break KASLR (Kernel Address Space Layout Randomization), break arbitrary randomization schemes, and even break fine-grained randomization.
The researchers were looking at Skylake/Whiskey Lake through Coffee Lake plus AMD Zen+ / Zen 2 processors in their research.
Their research paper concludes, "We presented BlindSide, a new exploitation technique that leverages an under-explored property of speculative execution (i.e., crash/execution suppression) to craft speculative probing primitives and lower the bar for software exploitation. We showed our primitives can be used to mount powerful, stealthy BROP-style attacks against the kernel with a single memory corruption vulnerability, without crashes and bypassing strong Spectre/randomization-based mitigations.""
https://www.phoronix.com/scan.php?page=news_item&px=BlindSide
