Since the initial discovery of Meltdown and Spectre in 2017, different variants of these attacks have been discovered. One often overlooked variant is Meltdown 3a, also known as Meltdown-CPL-REG. Even though Meltdown-CPL-REG was initially discovered in 2018, the available information regarding the vulnerability is still sparse.
In this paper, we analyze Meltdown-CPL-REG on 19 different CPUs from different vendors using an automated tool. We observe that the impact is more diverse than documented and differs from CPU to CPU. Surprisingly, while the newest Intel CPUs do not seem affected by Meltdown-CPL-REG, the newest available AMD CPUs (Zen3+) are still affected by the vulnerability. Furthermore, given our attack primitive CounterLeak, we show that besides up-to-date patches, Meltdown-CPL-REG can still be exploited as we reenable performance-counter-based attacks on cryptographic algorithms, break KASLR, and mount Spectre attacks. Although Meltdown-CPL-REG is not as powerful as other transient-execution attacks, its attack surface should not be underestimated.
History
Preferred Citation
Daniel Weber, Fabian Thomas, Lukas Gerlach, Ruiyi Zhang, Michael Schwarz. Reviving Meltdown 3a. In: ESORICS. 2023.
Primary Research Area
Trustworthy Information Processing
Name of Conference
European Symposium on Research in Computer Security (ESORICS)
Legacy Posted Date
2023-08-17
Open Access Type
Repository
BibTeX
@inproceedings{cispa_all_4010,
author = {Daniel Weber AND Fabian Thomas AND Lukas Gerlach AND Ruiyi Zhang AND Michael Schwarz},
title = {Reviving Meltdown 3a},
booktitle = {ESORICS},
year = {2023}
}