
VUSec have published a paper and a demo of BlindSide, a newly discovered exploitation technique that affects both Intel and AMD processors running Linux.

BlindSide allows attackers to “hack blind” in the Spectre era. That is, given a simple buffer overflow in the kernel and no additional info leak vulnerability, BlindSide can mount BROP-style attacks in the speculative execution domain to repeatedly probe and derandomize the kernel address space, craft arbitrary memory read gadgets, and enable reliable exploitation. 

It's a wide-reaching issue too: they report successful attacks on the Intel Skylake, Kaby Lake and Coffee Lake microarchitectures, as well as AMD Zen+ and Zen2, with their tests bypassing the latest Spectre and randomization-based mitigations.

Going by the full paper, the attack works against Linux kernel versions from v3.19 up to v5.8, so that's potentially a lot of systems. They said it means that "an attacker armed with a write vulnerability can perform BlindSide attacks on a wide range of recent production Linux kernel versions even when blind to the particular kernel version".

They showed off a demo of it in action too, embedded as a YouTube video on the original page.

The conclusion of their paper:

We presented BlindSide, a new exploitation technique that leverages an underexplored property of speculative execution (i.e., crash/execution suppression) to craft speculative probing primitives and lower the bar for software exploitation. We showed our primitives can be used to mount powerful, stealthy BROP-style attacks against the kernel with a single memory corruption vulnerability, without crashes and bypassing strong Spectre/randomization-based mitigations.

As always, ensure you're regularly checking for updates. It's better to be up to date and safe than to assume some specific situation won't apply to you. Better safe than sorry.

You can see the full paper here and their blog post here. Hat tip to Phoronix.

Article taken from GamingOnLinux.com.
About the author -
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly came back to check on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly. Find me on Mastodon.
The comments on this article are closed.
14 comments

GustyGhost Sep 13, 2020
Quoting: 3zekiel
Yeah, Hangover is also based on qemu user mode. If it works that's very cool :)
For me, I think games are art, as such, they don't really enter the "proprietary software" category. For the privacy part, I run steam in a sandbox.
I'm way more concerned with what "ring -1" stuff my CPU runs behind my back, because no sandbox and pretty much no analysis can save you from that ...
I'm just concerned by how usable the platform would be (Power based I mean).

Being totally open, here are the hurdles that I hit moving from Debian amd64 to Debian ppc64le:

1. Some Debian packages I use were not yet buildable for PowerPC (the PowerPC repository has successful builds for 95% of packages, compared to x86), so I must build the programs from source for now.

2. Firefox had to be updated to 68 before it was fully usable. This was only a problem for Debian 10.0 and 10.1.

3. Only the cli (whiptail "GUI") installer is available on the ppc64le image, although I always install from cli anyway. This might be an issue for most others however.
14 Sep 13, 2020
People are saying to stay up to date, but I don't see any patches announced in response to BlindSide.
Purple Library Guy Sep 13, 2020
Quoting: 3zekiel
Quoting: GustyGhost
Quoting: 3zekiel
Actually, can you run steam games on powerpc with qemu usermode?

Or a Wine accompaniment program called Hangover, IIRC. Although I don't personally have any interest in running proprietary gaming software.

Yeah, Hangover is also based on qemu user mode. If it works that's very cool :)
For me, I think games are art, as such, they don't really enter the "proprietary software" category.
Yeah, I'm at least partly on board with this position. That said, a corollary is that it's a very good idea for game engines to be open source. Go Go Godot!
Koopacabras Sep 13, 2020
Quoting: 14
People are saying to stay up to date, but I don't see any patches announced in response to BlindSide.
I suppose the guy/s that discovered the vulnerability warned kernel developers beforehand, that's standard practice... so a patch should come soon?