|
|
|
|
|
|
|
|
|
|
xen-devel
Re: [Xen-devel] HT Vulnerability CAN-2005-0109
Mark Williamson wrote:
Just stumbled on /. upon CAN-2005-0109 and wonder if xen is affected:
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0109>
<http://www.daemonology.net/hyperthreading-considered-harmful/>
This vulnerability could (in principle) affect isolation between Xen VMs.
It's not clear how exploitable it is, though.
It's clear that it is very exploitable.
Covert channels will *always* be there.
Yes. As you say, the problem is the side channel attack, not the covert
channel.
Someone has yet to release code that'll actually exploit these theoretical
holes, so it's not clear how big a problem is in practice.
Huh? That sounds like something I would expect to hear from a Microsoft
marketroid. The paper includes code for the side channel attack (Figure 1
in <http://www.daemonology.net/papers/htt.pdf>), and even if it didn't, it
would be easy to replicate.
--
David Hopwood <david.nospam.hopwood@xxxxxxxxxxxxxxxx>
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
|
|
|
|