|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] HT Vulnerability CAN-2005-0109
Mark Williamson wrote: Just stumbled on /. upon CAN-2005-0109 and wonder if xen is affected: <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0109> <http://www.daemonology.net/hyperthreading-considered-harmful/>This vulnerability could (in principle) affect isolation between Xen VMs. It's not clear how exploitable it is, though. It's clear that it is very exploitable. Covert channels will *always* be there. Yes. As you say, the problem is the side channel attack, not the covert channel. Someone has yet to release code that'll actually exploit these theoretical holes, so it's not clear how big a problem is in practice. Huh? That sounds like something I would expect to hear from a Microsoft marketroid. The paper includes code for the side channel attack (Figure 1 in <http://www.daemonology.net/papers/htt.pdf>), and even if it didn't, it would be easy to replicate. -- David Hopwood <david.nospam.hopwood@xxxxxxxxxxxxxxxx> _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |