English

Reviving Meltdown 3a

Cryptography and Security 2023-10-09 v1

Abstract

Since the initial discovery of Meltdown and Spectre in 2017, different variants of these attacks have been discovered. One often overlooked variant is Meltdown 3a, also known as Meltdown-CPL-REG. Even though Meltdown-CPL-REG was initially discovered in 2018, the available information regarding the vulnerability is still sparse. In this paper, we analyze Meltdown-CPL-REG on 19 different CPUs from different vendors using an automated tool. We observe that the impact is more diverse than documented and differs from CPU to CPU. Surprisingly, while the newest Intel CPUs do not seem affected by Meltdown-CPL-REG, the newest available AMD CPUs (Zen3+) are still affected by the vulnerability. Furthermore, given our attack primitive CounterLeak, we show that besides up-to-date patches, Meltdown-CPL-REG can still be exploited as we reenable performance-counter-based attacks on cryptographic algorithms, break KASLR, and mount Spectre attacks. Although Meltdown-CPL-REG is not as powerful as other transient-execution attacks, its attack surface should not be underestimated.

Cite

@article{arxiv.2310.04192,
  title  = {Reviving Meltdown 3a},
  author = {Daniel Weber and Fabian Thomas and Lukas Gerlach and Ruiyi Zhang and Michael Schwarz},
  journal= {arXiv preprint arXiv:2310.04192},
  year   = {2023}
}

Comments

published at ESORICS 2023

R2 v1 2026-06-28T12:42:30.603Z