exploit the possibilities

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Cristiano Giuffrida

GhostRace: Exploiting And Mitigating Speculative Race Conditions

Posted Mar 13, 2024

Authored by Cristiano Giuffrida, Anil Kurmus, Hany Ragab, Andrea Mambretti | Site download.vusec.net

Race conditions arise when multiple threads attempt to access a shared resource without proper synchronization, often leading to vulnerabilities such as concurrent use-after-free. To mitigate their occurrence, operating systems rely on synchronization primitives such as mutexes, spinlocks, etc. In this paper, the authors present GhostRace, the first security analysis of these primitives on speculatively executed code paths. Their key finding is that all the common synchronization primitives can be microarchitecturally bypassed on speculative paths, turning all architecturally race-free critical regions into Speculative Race Conditions (SRCs).

tags | paper, vulnerability

advisories | CVE-2024-2193

SHA-256 | e0d3a753ac273a430c317cd67e808c20b6cdd914b31b24e71450d5fb4ad420af

Download | Favorite | View

SMASH: Synchronized Many-Sided Rowhammer Attacks From JavaScript

Posted Apr 15, 2021

Authored by Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Pietro Frigo, Emanuele Vannacci, Finn de Ridder

In this paper, the authors show that under realistic assumptions, it is indeed possible to bypass TRR directly from JavaScript, allowing attackers to exploit the resurfaced Rowhammer bug inside the browser. In addition, their analysis reveals new requirements for practical TRR evasion. For instance, they discovered that activating many rows in rapid succession as shown in TRRespass may not always be sufficient to produce bit flips. The scheduling of DRAM accesses also plays an important role.

tags | paper, javascript

SHA-256 | 47dfe422ce30e7bc84f40aade82f759d07d143dca97cf56e443b984812de680a

Download | Favorite | View