CPU Attack
|
16.10.2025 |
How a Catch-22 Breaks AMD SEV-SNP (ACM CCS 2025) |
CPU |
||
|
10.07.2025 |
AMD discovered several transient scheduler attacks related to the execution timing of instructions under specific microarchitectural conditions while investigating a Microsoft® report titled “Enter, Exit, Page Fault, Leak: Testing Isolation Boundaries for Microarchitectural Leaks”. |
CPU |
||
|
02.07.2024 |
High-Precision Branch Target Injection Attacks Exploiting the Indirect Branch Predictor |
introduces novel high-precision Branch Target Injection (BTI) attacks, leveraging the intricate structures of the Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB) in high-end Intel CPUs (Raptor Lake and Alder Lake). |
CPU |
|
|
16.05.2024 |
On the Limitations of Domain Isolation Against Spectre-v2 Attacks |
CPU |
||
|
08.05.2024 |
Pathfinder: High-Resolution Control-Flow Attacks Exploiting the Conditional Branch Predictor |
CPU |
||
|
10.04.2024 |
We present InSpectre Gadget, an in-depth Spectre gadget inspector that uses symbolic execution to accurately reason about exploitability of usable gadgets. Our tool performs generic constraint analysis and models knowledge of advanced exploitation techniques to accurately reason over gadget exploitability in an automated way. |
CPU |
||
|
27.03.2024 |
on AMD Zen-based Platforms |
CPU |
||
|
10.12.2023 |
An in-domain transient execution attack allows a sandboxed adversary to access a secret within the same domain by circumventing software-based access controls. |
CPU |
||
|
10.12.2023 |
A cross-domain transient execution attack5 requires the adversary to find a disclosure gadget in the victim’s domain which, when executed transiently, can transiently access6 and transmit a secret over a covert channel. |
CPU |
||
|
10.12.2023 |
In a domain-bypass transient execution attack, the adversary executes transient instructions that circumvent hardware-based access controls, allowing access to a secret outside of the adversary’s domain. |
CPU |
||
|
10.12.2023 |
A transient execution attack exploits the microarchitectural side effects of transient instructions, thus allowing a malicious adversary to access information that would ordinarily be prohibited by architectural access control mechanisms. |
CPU |
||
|
08.12.2023 |
SLAM: SPECTRE BASED ON LINEAR ADDRESS MASKING |
CPU |
||
|
05.07.2020 |
Modern Intel and AMD processors are susceptible to a new form of side-channel attack that makes flush-based cache attacks resilient to system noise, newly published research shared with The Hacker News has revealed. |
CPU |
||
|
05.07.2020 |
Cybersecurity researchers have discovered two distinct attacks that could be exploited against modern Intel processors to leak sensitive information from the CPU's trusted execution environments (TEE). |
CPU |
||
|
27.03.2018 |
We present BranchScope — a new side-channel attack where the attacker infers the direction of an arbitrary conditional |
CPU |
||
|
29.01.2020 |
If your computer is running any modern Intel CPU built before October 2018, it's likely vulnerable to a newly discovered hardware issue that could allow attackers to leak sensitive data from the OS kernel, co-resident virtual machines, and even from Intel's secured SGX enclave. |
CPU |
||
|
11.12.2019 |
Modern processors are being pushed to perform faster than ever before - and with this comes increases in heat and power consumption. To manage this, many chip manufacturers allow frequency and voltage to be adjusted as and when needed. But more than that, they offer the user the opportunity to modify the frequency and voltage through priviledged software interfaces. |
CPU |
||
|
20.11.2019 |
iTLB multihit is an erratum where some processors may incur a machine check error, possibly resulting in an unrecoverable CPU lockup, when an instruction fetch hits multiple entries in the instruction TLB. This can occur when the page size is changed along with either the physical address or cache type. A malicious guest running on a virtualized system can exploit this erratum to perform a denial of service attack. |
CPU |
||
|
20.11.2019 |
Starting with the second-generation Intel® Core™ Processors and Intel® Xeon® E3-1200 Series Processors (formerly codenamed Sandy Bridge) and later processor families, the Intel® microarchitecture introduces a microarchitectural structure called the Decoded ICache (also called the Decoded Streaming Buffer or DSB). |
CPU |
||
|
13.11.2019 |
Trusted Platform Module (TPM) serves as a root of trust for the operating system. TPM is supposed to protect our security keys from malicious adversaries like malware and rootkits. |
CPU |
||
|
13.11.2019 |
A new speculative vulnerability called ZombieLoad 2, or TSX Asynchronous Abort, has been disclosed today that targets the Transactional Synchronization Extensions (TSX) feature in Intel processors. |
CPU |
||
|
13.11.2019 |
The RIDL and Fallout speculative execution attacks allow attackers to leak private data across arbitrary security boundaries on a victim system, for instance compromising data held in the cloud or leaking your data to malicious websites. |
CPU |
||
|
11.09.2019 |
NetCAT shows that network-based cache side-channel attacks are a realistic threat. Cache attacks have been traditionally used to leak sensitive data on a local setting (e.g., from an attacker-controlled virtual machine to a victim virtual machine that share the CPU cache on a cloud platform). |
CPU |
||
|
07.08.2019 |
The SWAPGS Attack, as they call it, circumvents the protective measures that have been put in-place in response to earlier attacks such as Spectre and Meltdown. Still, there is plenty of good news: Microsoft has already released Windows patches for the flaw that makes the attack possible and, even though feasible, the researchers don’t expect the attack to be exploited for widespread, non-targeted attacks. |
CPU |
||
|
15.08.2018 |
TLBleed is a new side channel attack that has been proven to work on Intel CPU’s with Hyperthreading (generally Simultaneous Multi-threading, or SMT, or HT on Intel) enabled. It relies on concurrent access to the TLB, and it being shared between threads. We find that the L1dtlb and the STLB (L2 TLB) is shared between threads on Intel CPU cores. |
CPU |
||
|
15.08.2018 |
Foreshadow is a vulnerability that affects modern microprocessors that was first discovered by two independent teams of researchers in January 18, but was first disclosed to the public on 14 August 18.The vulnerability is a speculative execution attack on Intel processors that may result in the loss of sensitive information stored in personal computers, or third party clouds.There are two versions: the first version (original/Foreshadow) (CVE-18-3615) targets data from SGX enclaves; and the second version (next-generation/Foreshadow-NG) (CVE-18-3620 and CVE-18-3646) targets Virtual Machines (VMs), hypervisors (VMM), operating system (OS) kernel memory, and System Management Mode (SMM) memory |
CPU |
||
|
15.08.2018 |
Meltdown is a hardware vulnerability affecting Intel x86 microprocessors, IBM POWER processors, and some ARM-based microprocessors. It allows a rogue process to read all memory, even when it is not authorized to do so. |
CPU |
||
|
15.08.2018 |
Spectre is a vulnerability that affects modern microprocessors that perform branch prediction.On most processors, the speculative execution resulting from a branch misprediction may leave observable side effects that may reveal private data to attackers. For example, if the pattern of memory accesses performed by such speculative execution depends on private data, the resulting state of the data cache constitutes a side channel through which an attacker may be able to extract information about the private data using a timing attack. |
CPU |
||
|
15.05.2019 |
After Meltdown, Spectre, and Foreshadow, we discovered more critical vulnerabilities in modern processors. The ZombieLoad attack allows stealing sensitive data and keys while the computer accesses them. |
CPU Attack |
||
|
14.05.2019 |
New attacks extract data from CPU buffers. Two attacks dubbed RIDL and Falloutexploit a set of four vulnerabilities collectively known as Microarchitectural Data Sampling (MDS) vulnerabilities - a name given by Intel. The flaws affect Intel CPUs released since 2008, the researchers say. |
CPU Attack |
||
|
14.05.2019 |
Researchers from VUSec - the Systems and Network Security Group at Vrije University in Amsterdam, and from the Helmholtz Center for Information Security (CISPA) have developed the RIDL (short for Rogue In-Flight Data Load) attack. |
CPU Attack |
||
|
17.06.2024 |
TIKTAG: Breaking ARM’s Memory Tagging Extension with Speculative Executi |
ARM CPU |
||
If your computer is running any modern Intel CPU built before October 2018, it's likely vulnerable to a newly discovered hardware issue that could allow attackers to leak sensitive data from the OS kernel, co-resident virtual machines, and even from Intel's secured SGX enclave.Dubbed CacheOut a.k.a. L1 Data Eviction Sampling (L1DES) and assigned CVE-2020-0549, the new microarchitectural attack allows an attacker to choose which data to leak from the CPU's L1 Cache, unlike previously demonstrated MDS attacks where attackers need to wait for the targeted data to be available.
Modern processors are being pushed to perform faster than ever before - and with this comes increases in heat and power consumption. To manage this, many chip manufacturers allow frequency and voltage to be adjusted as and when needed. But more than that, they offer the user the opportunity to modify the frequency and voltage through priviledged software interfaces.
iTLB multihit is an erratum where some processors may incur a machine check error, possibly resulting in an unrecoverable CPU lockup, when an instruction fetch hits multiple entries in the instruction TLB. This can occur when the page size is changed along with either the physical address or cache type. A malicious guest running on a virtualized system can exploit this erratum to perform a denial of service attack.
Starting with the second-generation Intel® Core™ Processors and Intel® Xeon® E3-1200 Series Processors (formerly codenamed Sandy Bridge) and later processor families, the Intel® microarchitecture introduces a microarchitectural structure called the Decoded ICache (also called the Decoded Streaming Buffer or DSB).
Trusted Platform Module (TPM) serves as a root of trust for the operating system. TPM is supposed to protect our security keys from malicious adversaries like malware and rootkits.
A new speculative vulnerability called ZombieLoad 2, or TSX Asynchronous Abort, has been disclosed today that targets the Transactional Synchronization Extensions (TSX) feature in Intel processors.
The RIDL and Fallout speculative execution attacks allow attackers to leak private data across arbitrary security boundaries on a victim system, for instance compromising data held in the cloud or leaking your data to malicious websites.
NetCAT shows that network-based cache side-channel attacks are a realistic threat. Cache attacks have been traditionally used to leak sensitive data on a local setting (e.g., from an attacker-controlled virtual machine to a victim virtual machine that share the CPU cache on a cloud platform).
The SWAPGS Attack, as they call it, circumvents the protective measures that have been put in-place in response to earlier attacks such as Spectre and Meltdown. Still, there is plenty of good news: Microsoft has already released Windows patches for the flaw that makes the attack possible and, even though feasible, the researchers don’t expect the attack to be exploited for widespread, non-targeted attacks.
After Meltdown, Spectre, and Foreshadow, we discovered more critical vulnerabilities in modern processors. The ZombieLoad attack allows stealing sensitive data and keys while the computer accesses them.
New attacks extract data from CPU buffers. Two attacks dubbed RIDL and Falloutexploit a set of four vulnerabilities collectively known as Microarchitectural Data Sampling (MDS) vulnerabilities - a name given by Intel. The flaws affect Intel CPUs released since 2008, the researchers say.
Researchers from VUSec - the Systems and Network Security Group at Vrije University in Amsterdam, and from the Helmholtz Center for Information Security (CISPA) have developed the RIDL (short for Rogue In-Flight Data Load) attack.
TLBleed is a new side channel attack that has been proven to work on Intel CPU’s with Hyperthreading (generally Simultaneous Multi-threading, or SMT, or HT on Intel) enabled. It relies on concurrent access to the TLB, and it being shared between threads. We find that the L1dtlb and the STLB (L2 TLB) is shared between threads on Intel CPU cores.
Foreshadow is a vulnerability that affects modern microprocessors that was first discovered by two independent teams of researchers in January 18, but was first disclosed to the public on 14 August 18.The vulnerability is a speculative execution attack on Intel processors that may result in the loss of sensitive information stored in personal computers, or third party clouds.There are two versions: the first version (original/Foreshadow) (CVE-18-3615) targets data from SGX enclaves; and the second version (next-generation/Foreshadow-NG) (CVE-18-3620 and CVE-18-3646) targets Virtual Machines (VMs), hypervisors (VMM), operating system (OS) kernel memory, and System Management Mode (SMM) memory
Meltdown is a hardware vulnerability affecting Intel x86 microprocessors, IBM POWER processors, and some ARM-based microprocessors. It allows a rogue process to read all memory, even when it is not authorized to do so.
Spectre is a vulnerability that affects modern microprocessors that perform branch prediction.On most processors, the speculative execution resulting from a branch misprediction may leave observable side effects that may reveal private data to attackers. For example, if the pattern of memory accesses performed by such speculative execution depends on private data, the resulting state of the data cache constitutes a side channel through which an attacker may be able to extract information about the private data using a timing attack.
We present BranchScope — a new side-channel attack where the attacker infers the direction of an arbitrary conditional branch instruction in a victim program by manipulating the shared directional branch predictor