Linux Today: Linux News On Internet Time.

Intel CPU cache poisoning: dangerously easy on Linux

Apr 22, 2009, 18:33
(Other stories by Julie Bort)

"The goal of the attack is to gain access to the normally very well protected SMM (system management mode) space. From there you would be able to load your SMM rootkit into SMM space, giving you full control over the hypervisor or operating system. Another benefit is that your rootkit would be almost undetectable by the operating system. According to the whitepaper: 'The memory controller offers dedicated locks to limit access only to system firmware (BIOS).'

"The exploit uses a form of Intel cache poisoning to get access to the SMM space that is supposed to be only accessible from system BIOS. Caching is used to increase performance of your computer. The CPU will use cached data first if it exists. So if you can replace the cache data with your own malicious data then you can be assured that it will be used in favor of the real data."
