Attacking Branch Predictors to Bypass ASLR
Beach Geek
labeachgeek at gmail.com
Wed Oct 19 19:00:02 UTC 2016
This came across my tech news feed. It's a bit early and more testing is
being done, but I wanted to start a discussion about it.
Does this affect FreeBSD?
If so, severity?
Can this be countered/fixed in the OS?
Link to 13-page paper:
http://www.cs.ucr.edu/~nael/pubs/micro16.pdf
Quotes:
"Today, ASLR-based defenses are
widely adopted in all major Operating Systems (OS), including
Linux [17], Windows [18] and OS X [19]. Smartphone system
software such as iOS [20] and Android [13] also use ASLR."
"We demonstrate that our attack can reliably recover
kernel ASLR in about 60 milliseconds when performed on a real
Haswell processor running a recent version of Linux. Finally, we
describe several possible protection mechanisms, both in software
and in hardware."
Opinions on whether this is a viable hack against FreeBSD systems?
BG
More information about the freebsd-hackers mailing list