Re: HT Vulnerability CAN-2005-0109

All of lore.kernel.org
 help / color / mirror / Atom feed

From: David Hopwood <david.nospam.hopwood@blueyonder.co.uk>
To: xen-devel@lists.xensource.com
Subject: Re: HT Vulnerability CAN-2005-0109
Date: Thu, 19 May 2005 00:09:21 +0100	[thread overview]
Message-ID: <428BCB21.7020909@blueyonder.co.uk> (raw)
In-Reply-To: <200505181548.48629.mark.williamson@cl.cam.ac.uk>

Mark Williamson wrote:
>>Just stumbled on /. upon CAN-2005-0109 and wonder if xen is affected:
>>
>>  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0109>
>>  <http://www.daemonology.net/hyperthreading-considered-harmful/>
> 
> This vulnerability could (in principle) affect isolation between Xen VMs.  
> It's not clear how exploitable it is, though.

It's clear that it is very exploitable.

> Covert channels will *always* be there.

Yes. As you say, the problem is the side channel attack, not the covert
channel.

> Someone has yet to release code that'll actually exploit these theoretical 
> holes, so it's not clear how big a problem is in practice.

Huh? That sounds like something I would expect to hear from a Microsoft
marketroid. The paper includes code for the side channel attack (Figure 1
in <http://www.daemonology.net/papers/htt.pdf>), and even if it didn't, it
would be easy to replicate.

-- 
David Hopwood <david.nospam.hopwood@blueyonder.co.uk>

next prev parent reply	other threads:[~2005-05-18 23:09 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-05-18 14:43 HT Vulnerability CAN-2005-0109 Nils Toedtmann
2005-05-18 14:48 ` Mark Williamson
2005-05-18 23:09   ` David Hopwood [this message]
2005-05-19  2:46     ` Mark Williamson
2005-05-19 10:33       ` Nils Toedtmann
2005-05-19 17:45       ` David Hopwood
2005-06-01 14:01         ` Mark Williamson
2005-06-02 16:41           ` David Hopwood
2005-06-03 13:38             ` Mark Williamson
  -- strict thread matches above, loose matches on Subject: below --
2005-05-18 15:27 Jonathan S. Shapiro
2005-05-18 16:44 ` Mark Williamson
2005-05-18 16:53   ` Jonathan S. Shapiro
2005-05-18 17:14     ` Mark Williamson
2005-05-19 10:59 Ian Pratt
2005-05-19 12:55 ` Nils Toedtmann

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=428BCB21.7020909@blueyonder.co.uk \
    --to=david.nospam.hopwood@blueyonder.co.uk \
    --cc=xen-devel@lists.xensource.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.