Kasper: a tool for finding speculative-execution vulnerabilities
[Kernel] Posted Feb 1, 2022 18:03 UTC (Tue) by corbet
The Systems and Network Security Group at Vrije Universiteit Amsterdam has announced a tool called Kasper that is able to scan the kernel source and locate speculative-execution vulnerabilities:
Namely, it models an attacker capable of controlling data (e.g., via memory massaging or value injection a la LVI), accessing secrets (e.g., via out-of-bounds or use-after-free accesses), and leaking these secrets (e.g., via cache-based, MDS-based, or port contention-based covert channels). As a result, Kasper discovered 1,379 previously unknown gadgets in the heavily-hardened Linux kernel.
The page includes a discussion of a vulnerability in the kernel's linked-list implementation as well as links to the code and the full paper. (Thanks to Paul Wise).
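The three-stage attacker model quoted above (control an index, transiently read out of bounds, leak the value through a cache-based channel) is the classic Spectre-v1 gadget shape that tools like Kasper search for. The following is an added illustration in C, not code from the Kasper paper or from the kernel; it shows the vulnerable shape beside the index-masking hardening the kernel uses (the generic `array_index_mask_nospec` from include/linux/nospec.h, reproduced here). The `victim_memory` layout, the `touched` probe array and the sample secret are constructed for the example; no real cache timing is performed, so the "leak" is recorded rather than measured.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BITS_PER_LONG (8 * sizeof(unsigned long))

/* Constructed memory layout for the example: a bounds-checked "public" table
 * with a secret lying directly behind it, so an index of 16..31 reaches the
 * secret. One struct guarantees the adjacency instead of leaving it to the
 * compiler. */
struct victim_memory {
    uint8_t table[16];
    uint8_t secret[17];
};

static struct victim_memory vm = {
    .table  = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 },
    .secret = "constructed-key!",   /* constructed sample secret */
};

/* Stand-in for the attacker's probe array: one slot per possible byte value,
 * each on its own 64-byte "cache line". A real attack times which line became
 * cached; here the touch is only counted. */
#define LINE 64
static unsigned touched[256 * LINE];

static void transmit(uint8_t value)
{
    touched[(size_t)value * LINE]++;
}

/* Vulnerable Spectre-v1 shape: a bounds check followed by a load whose value
 * feeds a second, address-forming load. Architecturally the check holds; if
 * the branch is predicted "in bounds", both loads run transiently with idx
 * out of range and the cache state survives the squash. */
uint8_t lookup_vulnerable(size_t idx)
{
    if (idx < sizeof(vm.table)) {
        uint8_t v = vm.table[idx];   /* "access secret" on the transient path */
        transmit(v);                 /* "leak secret" via the cache */
        return v;
    }
    return 0;
}

/* Generic mask from the kernel's include/linux/nospec.h: all ones when
 * index < size, all zeros otherwise, computed without a branch so that it
 * also holds on the mispredicted path. */
static inline unsigned long array_index_mask_nospec(unsigned long index,
                                                    unsigned long size)
{
    return ~(long)(index | (size - index - 1)) >> (BITS_PER_LONG - 1);
}

/* Index the hardened path uses: clamped to 0 whenever idx is out of range. */
size_t hardened_index(size_t idx)
{
    return idx & array_index_mask_nospec(idx, sizeof(vm.table));
}

/* Hardened form: same check, but the index used for the load is masked, so a
 * transient out-of-range idx reads table[0] instead of the secret. */
uint8_t lookup_hardened(size_t idx)
{
    if (idx < sizeof(vm.table)) {
        uint8_t v = vm.table[hardened_index(idx)];
        transmit(v);
        return v;
    }
    return 0;
}

/* What the transient load in lookup_vulnerable would reach for a given idx:
 * the byte at that offset from the start of the struct. Reading through a
 * uint8_t pointer to the enclosing object is well defined, unlike indexing
 * vm.table past its end. Offsets 16..31 land in the secret. */
uint8_t transient_target(size_t idx)
{
    const uint8_t *base = (const uint8_t *)&vm;
    return idx < sizeof(vm) ? base[idx] : 0;
}

int main(void)
{
    size_t oob = sizeof(vm.table) + 3;
    printf("architectural result for idx %zu: %u\n", oob, lookup_vulnerable(oob));
    printf("transient load would reach secret byte '%c'\n", transient_target(oob));
    printf("hardened path masks idx %zu to %zu\n", oob, hardened_index(oob));
    return 0;
}
```

The masking works because `size - index - 1` wraps to a negative value exactly when `index >= size`, so the sign bit of the OR selects the mask without a branch; an `if` would reintroduce the prediction that the gadget relies on. Note that for a real gadget the mask alone does not help if the attacker controls `size` as well (the "memory massaging" case in the quoted model), which is one reason such gadgets are hard to find by eye.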