Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 11 Aug 2015 21:35:26 -0400
From: sophia <sophia@...ilofbits.com>
To: oss-security@...ts.openwall.com
Subject: CVE request - Processor side channels using out of order execution

Hi,

I would like to request a CVE for a processor side channels using out of order execution. 

Past discussion of this includes: http://www.openwall.com/lists/oss-security/2015/08/11/16 <http://www.openwall.com/lists/oss-security/2015/08/11/16>

Details of attack:
https://blog.trailofbits.com/2015/07/21/hardware-side-channels-in-the-cloud/ <https://blog.trailofbits.com/2015/07/21/hardware-side-channels-in-the-cloud/>
http://sophia.re/RECON/

Conferences presented at:
RECON Montreal 2015 - https://recon.cx/2015/schedule/events/29.html <https://recon.cx/2015/schedule/events/29.html>
Blackhat 2015 - https://www.blackhat.com/us-15/briefings.html#exploiting-out-of-order-execution-for-covert-cross-vm-communication <https://www.blackhat.com/us-15/briefings.html#exploiting-out-of-order-execution-for-covert-cross-vm-communication>

Previously requested: no
Type: Side Channel Vulnerability

Affected versions: up till current processor architecture 

Brief Description: 
Simultaneous multi-threading on current processors allows for one process to exploit out-of-order execution optimizations to leak information from co-executed processes. Conversely, this same setup allows for one process to force an increase or a decrease in out-of-order-execution optimizations in the other process, thereby effecting its computed values and control flow.


- Sophia D'Antoine
[ CONTENT OF TYPE text/html SKIPPED ]

[ CONTENT OF TYPE application/pkcs7-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ