
Security Implications of Speculatively Executing Segmentation Related Instructions on Intel CPUs



In this whitepaper we analyze a number of security implications resulting from speculatively executing instructions that are used for x86 segmentation handling.

We also show how side-effects of the x86 legacy segmentation model can be used to subvert KASLR on modern, up-to-date operating systems.

Last but not least, we demonstrate how to use the speculative writes to segment descriptor bases as a novel covert channel, which, in the absence of SMEP and RSB Stuffing, could be used to leak arbitrary register values across different privilege levels.


