Zenbleed (UAF in AMD Zen2 processors, exploitation included). It turns out that with precise scheduling, you can cause some processors to recover from a mispredicted vzeroupper incorrectly.
“If you remove the first word from the string ‘hello world’, what should the result be? This is the story of how we discovered that the answer could be your root password!”
First of all you need to trigger something called the XMM Register Merge Optimization, followed by a register rename (https://en.wikipedia.org/wiki/Register_renaming) and a mispredicted vzeroupper.
⚠️ We now know that basic operations like strlen, memcpy and strcmp will use the vector registers – so we can effectively spy on those operations happening anywhere on the system! It doesn’t matter if they’re happening in other virtual machines, sandboxes, containers, processes, whatever! This works because the register file is shared by everything on the same physical core. In fact, two hyperthreads even share the same physical register file.