https://twitter.com/_markel___/status/1373059797155778562
Wow, we (+@h0t_max and @_Dmit) have found two undocumented x86 instructions in Intel CPUs which completely
control microarchitectural state (yes, they can modify microcode)
https://twitter.com/_markel___/status/1373059799307390981
They're decoded in all modes (even in User Mode) but the ucode in MSROM
throws #UD if not in Red Unlocked state. All details a little later...
挖出了Intel有未被記載公開的指令可以直接修改microcode怎麼執行
所以理論上可以透過這兩個指令 直接底層修改指令怎麼執行
(當然這是很底層的東西 但就是個漏洞 有可能直接變更怎麼拆解CISC指令成microcode)
晚點他會有更多資訊公布
----
我也不是很確定這有多大影響 也請指證有搞錯/翻譯錯的地方
--
Wow, we (+@h0t_max and @_Dmit) have found two undocumented x86 instructions in Intel CPUs which completely
control microarchitectural state (yes, they can modify microcode)
https://twitter.com/_markel___/status/1373059799307390981
They're decoded in all modes (even in User Mode) but the ucode in MSROM
throws #UD if not in Red Unlocked state. All details a little later...
挖出了Intel有未被記載公開的指令可以直接修改microcode怎麼執行
所以理論上可以透過這兩個指令 直接底層修改指令怎麼執行
(當然這是很底層的東西 但就是個漏洞 有可能直接變更怎麼拆解CISC指令成microcode)
晚點他會有更多資訊公布
----
我也不是很確定這有多大影響 也請指證有搞錯/翻譯錯的地方
--
All Comments