[Cerowrt-devel] aarch64 exploit POC

Jonathan Morton chromatix99 at gmail.com
Sun Jan 7 11:22:33 EST 2018

> On 7 Jan, 2018, at 5:15 pm, Dave Taht <dave.taht at gmail.com> wrote:
> https://plus.google.com/+KristianK%C3%B6hntopp/posts/6CduVXSy6Kd
> There comes a time after coping with security holes nonstop for 5 days
> straight, when it is best to log off the internet entirely, stop
> thinking, drink lots of rum, and go surfing.

This is for Variant 3a, which is really not such a big deal, and only affects a few of ARM's cores.  Yes, you can read out privileged MSRs that way, but they generally don't contain directly-useful information.  ARM claims that the few CPUs where that *isn't* true are already immune to Variant 3a.

Only one of ARM's cores is vulnerable to Variant 3, ie. Meltdown, which can read privileged memory.  The same mitigation applies there as for x86 CPUs - unmap privileged memory completely, instead of just marking it inaccessible.

Variant 2 is a wider problem, for which ARM has produced mitigation strategies and patches, and Variant 1 is a near-universal problem for out-of-order CPUs running untrusted code.

Also, I think ARM is in a good position to remove or reduce exposure to these attacks in future core designs, including new revisions of existing cores.

 - Jonathan Morton

More information about the Cerowrt-devel mailing list