Inception (CVE-2023-20569) is a novel transient execution attack that leaks arbitrary data on all AMD Zen CPUs in the presence of all previously deployed software and hardware mitigations. As in the movie of the same name, Inception plants an “idea” in the CPU while it is, in a sense, “dreaming”, to make it take wrong actions based on supposedly self-conceived experiences. Using this approach, Inception hijacks the transient control flow of return instructions on all AMD Zen CPUs.

Inception is an instance of a new class of transient execution attacks that do their Training in Transient Execution (TTE). Instead of attempting to leak data in a transient window, TTE attacks abuse the transient window to insert new predictions into the branch predictor. These newly inserted predictions trigger future transient windows, which can be more powerful than the initial one. TTE attacks thus turn supposedly harmless transient windows into dangerous ones by abusing the victim as a confused deputy that trains itself in a transient window.

Phantom speculation

Although TTE attacks are interesting, they are not necessarily trivial to pull off, due to the need for specific gadgets in the victim code. Instead of these hard-to-find gadgets, what if there was an easier way to achieve a transient window for training? This is where Phantom speculation comes in. Phantom (CVE-2022-23825) enables an attacker to create a transient window at arbitrary instructions.
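Since the post states that Inception works in the presence of the mitigations deployed before it, the first thing a practitioner wants to know is whether the running kernel reports a mitigation for this specific CVE. The script below is an added example and not code from the original post or from the Inception researchers. It assumes a Linux host whose kernel exposes the entry spec_rstack_overflow under /sys/devices/system/cpu/vulnerabilities/ (the entry the Linux kernel uses for CVE-2023-20569; kernels that predate the mitigation have no such file), and it classifies the entry only by the generic prefixes the kernel uses for every file in that directory, so no particular mitigation name is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): classify the Linux kernel's
# reported status for the Inception/SRSO mitigation (CVE-2023-20569).
# Assumption: a Linux host whose kernel exposes the sysfs entry below;
# older kernels expose no such file, which is reported separately.

SRSO_FILE=/sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow

# classify_status LINE
# Prints one of: not-affected | mitigated | vulnerable | unknown.
# Only the three prefixes shared by every file under
# /sys/devices/system/cpu/vulnerabilities/ are matched, so the exact
# mitigation wording after "Mitigation:" does not matter.
classify_status() {
    case "$1" in
        "Not affected"*) echo not-affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# is_amd_cpu
# Succeeds when /proc/cpuinfo reports the AMD vendor id; the attack in the
# post targets AMD Zen CPUs, so this is the population the check matters for.
is_amd_cpu() {
    grep -q '^vendor_id[[:space:]]*:[[:space:]]*AuthenticAMD' /proc/cpuinfo 2>/dev/null
}

# srso_check
# Prints the classification for this host, or "no-sysfs-entry" when the
# kernel does not expose the file at all (kernel predates the mitigation,
# which means it cannot be reporting one).
srso_check() {
    if [ ! -r "$SRSO_FILE" ]; then
        echo no-sysfs-entry
        return 0
    fi
    classify_status "$(cat "$SRSO_FILE")"
}

# Usage: sh srso_check.sh --run
if [ "${1:-}" = "--run" ]; then
    if is_amd_cpu; then
        printf 'AMD CPU detected; SRSO status: %s\n' "$(srso_check)"
    else
        printf 'Non-AMD CPU (or no /proc/cpuinfo); SRSO status: %s\n' "$(srso_check)"
    fi
fi
```

A result of "mitigated" only tells you that the kernel believes a mitigation is active; it says nothing about hypervisor or firmware state on a guest, and "no-sysfs-entry" on an AMD host should be read as "kernel too old to know about this CVE", not as "not affected".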