killchain-compendium/exploit/CPUs/meltdown.md

Meltdown

  • PoC from IAIK Overview

  • Each page table entry has the following flag bits

    • SUP (user or kernel mode)
    • READ
    • WRITE
  • Flags are checked by the MMU

  • The pipelined steps of an instruction are the following:

    • Fetch
    • Decode
    • Execute
    • Memory access
    • Register write back
  • A pipeline can execute one instance of each step concurrently every clock cycle.

  • The MMU may switch between instructions queued in the pipeline to make use of the time while the current instruction stalls.

  • Speculative execution is the reordering of instructions to speed up execution inside the pipeline.

    • If the instructions following a condition are executed speculatively, kernel memory may be accessed. No error is thrown, because there is no assurance that the condition will actually be taken in the end.
  • Kernel Page Table Isolation (KPTI) can be used to mitigate Meltdown.
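Added example (not part of the compendium's notes): a POSIX sh check of whether a Linux host reports the KPTI mitigation, read from the real sysfs file /sys/devices/system/cpu/vulnerabilities/meltdown and the `pti` flag in /proc/cpuinfo. The classification and flag-parsing functions take their input as a string so they can be exercised on the constructed sample values at the bottom; the `report_meltdown` function reads the live files when they exist.

```shell
#!/bin/sh
# Added example: classify the kernel's reported Meltdown status and
# check for the "pti" CPU flag. The sysfs and /proc paths are the real
# Linux locations; the SAMPLE_* values below are constructed for testing.

# classify_meltdown_status STRING
#   Prints one of: mitigated | vulnerable | not_affected | unknown
classify_meltdown_status() {
    case "$1" in
        "Not affected"*)    echo "not_affected" ;;
        "Mitigation:"*)     echo "mitigated" ;;     # e.g. "Mitigation: PTI"
        "Vulnerable"*)      echo "vulnerable" ;;
        *)                  echo "unknown" ;;
    esac
}

# has_pti_flag CPUINFO_TEXT
#   Exit 0 if a "flags" line contains the standalone token "pti"
#   (the kernel exports this flag when KPTI is active).
has_pti_flag() {
    printf '%s\n' "$1" \
        | grep -E '^flags[[:space:]]*:' \
        | grep -qE '(^|[[:space:]])pti([[:space:]]|$)'
}

# report_meltdown
#   Reads the live files if present; on non-Linux or old kernels the
#   sysfs file does not exist and the status is reported as unknown.
report_meltdown() {
    sysfs=/sys/devices/system/cpu/vulnerabilities/meltdown
    if [ -r "$sysfs" ]; then
        status=$(cat "$sysfs")
        echo "sysfs: '$status' -> $(classify_meltdown_status "$status")"
    else
        echo "sysfs: $sysfs not readable -> unknown"
    fi
    if [ -r /proc/cpuinfo ]; then
        if has_pti_flag "$(cat /proc/cpuinfo)"; then
            echo "cpuinfo: pti flag present (KPTI active)"
        else
            echo "cpuinfo: pti flag absent"
        fi
    fi
}

# Constructed sample inputs (not captured from a real machine):
SAMPLE_MITIGATED="Mitigation: PTI"
SAMPLE_VULNERABLE="Vulnerable"
SAMPLE_NOT_AFFECTED="Not affected"
SAMPLE_CPUINFO_WITH_PTI="processor : 0
flags     : fpu vme de pse pti ssse3"
SAMPLE_CPUINFO_WITHOUT_PTI="processor : 0
flags     : fpu vme de pse ssse3"

report_meltdown
```

On a patched x86 Linux host the sysfs file reads `Mitigation: PTI`; an unpatched one reads `Vulnerable`, and CPUs the kernel knows are unaffected report `Not affected`. Checking both sysfs and the `pti` flag guards against a kernel that predates the vulnerabilities directory.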