Date: Tue, 11 Aug 2015 21:35:26 -0400 From: sophia <sophia@...ilofbits.com> To: oss-security@...ts.openwall.com Subject: CVE request - Processor side channels using out of order execution Hi, I would like to request a CVE for a processor side channels using out of order execution. Past discussion of this includes: http://www.openwall.com/lists/oss-security/2015/08/11/16 <http://www.openwall.com/lists/oss-security/2015/08/11/16> Details of attack: https://blog.trailofbits.com/2015/07/21/hardware-side-channels-in-the-cloud/ <https://blog.trailofbits.com/2015/07/21/hardware-side-channels-in-the-cloud/> http://sophia.re/RECON/ Conferences presented at: RECON Montreal 2015 - https://recon.cx/2015/schedule/events/29.html <https://recon.cx/2015/schedule/events/29.html> Blackhat 2015 - https://www.blackhat.com/us-15/briefings.html#exploiting-out-of-order-execution-for-covert-cross-vm-communication <https://www.blackhat.com/us-15/briefings.html#exploiting-out-of-order-execution-for-covert-cross-vm-communication> Previously requested: no Type: Side Channel Vulnerability Affected versions: up till current processor architecture Brief Description: Simultaneous multi-threading on current processors allows for one process to exploit out-of-order execution optimizations to leak information from co-executed processes. Conversely, this same setup allows for one process to force an increase or a decrease in out-of-order-execution optimizations in the other process, thereby effecting its computed values and control flow. - Sophia D'Antoine Content of type "text/html" skipped Download attachment "smime.p7s" of type "application/pkcs7-signature" (3833 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ