Reviving Meltdown 3a

Since the initial discovery of Meltdown and Spectre in 2017, several variants of these attacks have been found. One often overlooked variant is Meltdown 3a, also known as Meltdown-CPL-REG. Even though Meltdown-CPL-REG was initially discovered in 2018, the available information regarding the vulnerability is still sparse. In this paper, we analyze Meltdown-CPL-REG on 19 different CPUs from different vendors using an automated tool. We observe that the impact is more diverse than documented and differs from CPU to CPU. Surprisingly, while the newest Intel CPUs do not seem to be affected by Meltdown-CPL-REG, the newest available AMD CPUs (Zen3+) are still affected by the vulnerability. Furthermore, using our attack primitive CounterLeak, we show that Meltdown-CPL-REG can still be exploited despite up-to-date patches: we re-enable performance-counter-based attacks on cryptographic algorithms, break KASLR, and mount Spectre attacks. Although Meltdown-CPL-REG is not as powerful as other transient-execution attacks, its attack surface should not be underestimated.

Preferred Citation

Daniel Weber, Fabian Thomas, Lukas Gerlach, Ruiyi Zhang, Michael Schwarz. Reviving Meltdown 3a. In: ESORICS. 2023.

Primary Research Area

  • Trustworthy Information Processing

Name of Conference

European Symposium on Research in Computer Security (ESORICS)

Legacy Posted Date

2023-08-17

Open Access Type

  • Repository

BibTeX

@inproceedings{cispa_all_4010,
  author    = {Daniel Weber AND Fabian Thomas AND Lukas Gerlach AND Ruiyi Zhang AND Michael Schwarz},
  title     = {Reviving Meltdown 3a},
  booktitle = {ESORICS},
  year      = {2023}
}
