Intel CPU cache poisoning: dangerously easy on Linux

Apr 22, 2009, 18:33 (7 Talkback[s])
(Other stories by Julie Bort)

"The goal of the attack is to gain access to the normally very well protected SMM (system management mode) space. From there you would be able to load your SMM rootkit into SMM space giving you full control over the hypervisor or operation system. Another benefit is that your rootkit would be almost undetectable by the operating system. According to the whitepaper: "The memory controller offers dedicated locks to limit access to only to system firmware (BIOS)."

"The exploit uses a form of Intel cache poisoning to get access to the SMM space that is supposed to be only accessible from system BIOS. Caching is used to increase performance of your computer. The CPU will use cached data first if it exists. So if you can replace the cache data with your own malicious data then you can be assured that it will be used in favor of the real data."

Complete Story

Related Stories:

• Intel Core i7 On Linux(Apr 07, 2009)
• Via spins netbook motherboard(Mar 19, 2009)
• Freescale Promises $200 Netbooks With New Chips(Feb 18, 2009)
• ASUS Eee PC 901 / Intel Atom: Linux Distribution Comparison(Sep 15, 2008)
• If They Mated: Intel and Cray to Conceive x86 Linux Monster(Apr 30, 2008)
• Saving Power on Intel Hardware Using Powertop(Jan 09, 2008)
• Phoronix: Intel Core 2 Duo Family Preview(Jul 18, 2006)