aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRemko Lodder <remko@FreeBSD.org>2013-07-26 11:06:44 +0000
committerRemko Lodder <remko@FreeBSD.org>2013-07-26 11:06:44 +0000
commit4155837099d744b843c941fa63f3c6be07917b09 (patch)
treedf44b4b6d1cd4ab5a56901f5f7f2628a1f8d2390
parentb9cf42305004edcd8f6467ced5afa0861a544eff (diff)
Notes
-rw-r--r--security/vuxml/vuln.xml27
1 files changed, 14 insertions, 13 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 083257f851ca..ff7d72e2c431 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -61,29 +61,30 @@ Note: Please add new entries to the beginning of this file.
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Yarom and Falkner paper reports:</p>
+ <p>A Yarom and Falkner paper reports:</p>
<blockquote cite="http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html">
<p>Flush+Reload is a cache side-channel attack that monitors access to
- data in shared pages. In this paper we demonstrate how to use the
- attack to extract private encryption keys from GnuPG. The high
- resolution and low noise of the Flush+Reload attack enables a spy
- program to recover over 98% of the bits of the private key in a
- single decryption or signing round. Unlike previous attacks, the
- attack targets the last level L3 cache. Consequently, the spy
- program and the victim do not need to share the execution core of
- the CPU. The attack is not limited to a traditional OS and can be
- used in a virtualised environment, where it can attack programs
- executing in a different VM..</p>
+ data in shared pages. In this paper we demonstrate how to use the
+ attack to extract private encryption keys from GnuPG. The high
+ resolution and low noise of the Flush+Reload attack enables a spy
+ program to recover over 98% of the bits of the private key in a
+ single decryption or signing round. Unlike previous attacks, the
+ attack targets the last level L3 cache. Consequently, the spy
+ program and the victim do not need to share the execution core of
+ the CPU. The attack is not limited to a traditional OS and can be
+ used in a virtualised environment, where it can attack programs
+ executing in a different VM.</p>
</blockquote>
</body>
</description>
<references>
- <url>http://eprint.iacr.org/2013/448</url>
- <url>http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html</url>
+ <url>http://eprint.iacr.org/2013/448</url>
+ <url>http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html</url>
</references>
<dates>
<discovery>2013-07-18</discovery>
<entry>2013-07-25</entry>
+ <modified>2013-07-26</modified>
</dates>
</vuln>