ZombieLoad: Cross-Privilege-Boundary Data Sampling
Michael Schwarz, Moritz Lipp, Daniel Moghimi, Jo Van Bulck, Julian, Stecklina, Thomas Prescher, Daniel Gruss
TL;DR
ZombieLoad reveals a new side-channel attack exploiting fill-buffer logic in modern CPUs, enabling data leakage across privilege boundaries, and highlights the need for disabling hyperthreading as a mitigation.
Contribution
This paper introduces ZombieLoad, a novel Meltdown-type attack targeting fill-buffer logic, demonstrating cross-privilege data leakage in modern processors.
Findings
ZombieLoad can leak data across logical cores.
Disabling hyperthreading prevents ZombieLoad attacks.
The attack affects various privilege levels and environments.
Abstract
In early 2018, Meltdown first showed how to read arbitrary kernel memory from user space by exploiting side-effects from transient instructions. While this attack has been mitigated through stronger isolation boundaries between user and kernel space, Meltdown inspired an entirely new class of fault-driven transient execution attacks. Particularly, over the past year, Meltdown-type attacks have been extended to not only leak data from the L1 cache but also from various other microarchitectural structures, including the FPU register file and store buffer. In this paper, we present the ZombieLoad attack which uncovers a novel Meltdown-type effect in the processor's previously unexplored fill-buffer logic. Our analysis shows that faulting load instructions (i.e., loads that have to be re-issued for either architectural or microarchitectural reasons) may transiently dereference…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsSecurity and Verification in Computing · Advanced Malware Detection Techniques · Cloud Data Security Solutions