Bypassing KPTI Using The Speculative Behavior Of The SWAPGS Instruction


Speculative-execution attacks and side channels are becoming more common as each new disclosure draws further scrutiny from researchers in this field. In this talk, we demonstrate a new type of side-channel attack based on the speculative execution of the SWAPGS instruction inside the OS kernel. This attack is capable of circumventing all existing protective measures, such as CPU microcode patches or kernel address space isolation (KVA shadowing/KPTI).

By Andrei Lutas and Dan Lutas

Full Abstract & Presentation Materials: https://www.blackhat.com/eu-19/briefi...
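From a defender's side, the first practical question after a talk like this is whether a given Linux host reports the SWAPGS barrier mitigation at all. The kernel exposes this alongside its Spectre v1 status in sysfs. The script below is an added example, not material from the talk or its authors: it classifies the reported status line, and the sample lines it runs on are constructed here, modelled on the wording the kernel uses, so the script runs offline; the file path is the real sysfs location, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the talk or its authors): classify the Linux kernel's
# reported Spectre v1 / SWAPGS mitigation status from the sysfs vulnerabilities
# file. Kernels with the SWAPGS fix mention "swapgs barriers" in this entry.
VULN_FILE="/sys/devices/system/cpu/vulnerabilities/spectre_v1"

# classify_spectre_v1 STATUS_LINE -> prints one of:
#   not-affected | mitigated-with-swapgs | mitigated-without-swapgs | vulnerable | unknown
# Patterns are checked in order, so a line starting with "Vulnerable" is never
# mistaken for a mitigation just because it mentions swapgs.
classify_spectre_v1() {
    case "$1" in
        "Not affected"*)        echo "not-affected" ;;
        Mitigation:*swapgs*)    echo "mitigated-with-swapgs" ;;
        Mitigation:*)           echo "mitigated-without-swapgs" ;;
        Vulnerable*)            echo "vulnerable" ;;
        *)                      echo "unknown" ;;
    esac
}

# check_host reads the live sysfs entry when it exists (x86 Linux), otherwise
# reports "unknown" rather than guessing.
check_host() {
    if [ -r "$VULN_FILE" ]; then
        classify_spectre_v1 "$(cat "$VULN_FILE")"
    else
        echo "unknown"
    fi
}

# Constructed sample lines (modelled on the kernel's own strings) for offline use.
SAMPLE_MITIGATED="Mitigation: usercopy/swapgs barriers and __user pointer sanitization"
SAMPLE_OLD="Mitigation: __user pointer sanitization"
SAMPLE_VULN="Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers"

for s in "$SAMPLE_MITIGATED" "$SAMPLE_OLD" "$SAMPLE_VULN"; do
    printf '%s -> %s\n' "$s" "$(classify_spectre_v1 "$s")"
done
printf 'this host -> %s\n' "$(check_host)"
```

A result of "mitigated-without-swapgs" is the case worth flagging in an inventory: the host has the older Spectre v1 user-pointer sanitization but no SWAPGS barrier, which is exactly the gap the talk's attack targets, and a kernel update (or, on hosts booted with mitigations disabled, a boot-parameter review) closes it.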

Reviewed by Anonymous on March 19, 2020