Speculative Dereferencing: Reviving Foreshadow

Martin Schwarzl, Thomas Schuster, Michael Schwarz, Daniel Gruss

Publikation: KonferenzbeitragPaper


In this paper, we provide a systematic analysis of the root cause of the prefetching effect observed in previous works and show that its attribution to a prefetching mechanism is incorrect in all previous works, leading to incorrect conclusions and incomplete defenses.
We show that the root cause is speculative dereferencing of user-space registers in the kernel.
This new insight enables the first end-to-end Foreshadow (L1TF) exploit targeting non-L1 data, despite Foreshadow mitigations enabled, a novel technique to directly leak register values, and several side-channel attacks.
While the L1TF effect is mitigated on the most recent Intel CPUs, all other attacks we present still work on all Intel CPUs and on CPUs by other vendors previously believed to be unaffected.
PublikationsstatusVeröffentlicht - 2021
VeranstaltungFinancial Cryptography and Data Security 2021 - Virtual conference
Dauer: 1 Mär 20215 Mär 2021


KonferenzFinancial Cryptography and Data Security 2021

Fingerprint Untersuchen Sie die Forschungsthemen von „Speculative Dereferencing: Reviving Foreshadow“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren