Skip to content

Rage Against The Machine Clear: A Systematic Analysis of Machine Clears and Their Implications for Transient Execution Attacks

License

Notifications You must be signed in to change notification settings

vusec/fpvi-scsb

Repository files navigation

Rage Against the Machine Clear: A Systematic Analysis of Machine Clears and Their Implications for Transient Execution Attacks

This repository contains test code, examples and exploits regarding transient windows generated by Machine Clears.

For more information about our work:

Setup and Environment

To compile all the code and configure your environment, simply perform the following:

make
source config.sh

Repository organization

Every folder contains a separated README with more details. In summary, this is the content of every folder:

  • fp_reverse_engineering: utilities to test, understand and verify the presence of FPVI vulnerability
  • leakers: example test code to show how every presented machine clear can be used to read transiently memory
  • leak_rate_win_size: code to measure leak rate and window size of various transient execution mechanisms
  • md_reverse_engineering: experiments to reverse engineer the memory disambiguation predictor on Intel processor
  • fpvi_firefox_exploit: Firefox exploit based on FPVI to leak arbitrary memory locations (CVE-2021-29955).

FPVI Firefox Exploit demo

youtube demo video

About

Rage Against The Machine Clear: A Systematic Analysis of Machine Clears and Their Implications for Transient Execution Attacks

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published