Kasper: a tool for finding speculative-execution vulnerabilities

Syndicated from https://lwn.net/Articles/883448/rss

The Systems and Network Security Group at Vrije Universiteit Amsterdam has announced a tool called Kasper that is able to scan the kernel source and locate speculative-execution vulnerabilities:

Namely, it models an attacker capable of controlling data (e.g.,
via memory massaging or value injection a la LVI), accessing
secrets (e.g., via out-of-bounds or use-after-free accesses), and
leaking these secrets (e.g., via cache-based, MDS-based, or port
contention-based covert channels). As a result, Kasper discovered
1,379 previously unknown gadgets in the heavily-hardened Linux
kernel.

The page includes a discussion of a vulnerability in the kernel's linked-list implementation as well as a link to the code and the full paper. (Thanks to Paul Wise.)
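As an added illustration, not code from the Kasper project or from the LWN item: the bounds-check pattern that is the simplest form of the gadget class described in the quote above (attacker-controlled index, a check the CPU may speculate past, then a load that can reach a secret), beside the branchless index masking that the Linux kernel applies through array_index_nospec(). The table contents are constructed, and index_mask_nospec() mirrors the kernel's generic mask formula rather than being its code.

```c
#include <stdint.h>
#include <limits.h>

#define TABLE_LEN 8UL

/* Constructed sample data: a small public lookup table. */
static const uint8_t table[TABLE_LEN] = { 1, 2, 3, 4, 5, 6, 7, 8 };

/* Branchless mask: all ones when 0 <= index < size, all zeros otherwise.
 * Same arithmetic as the kernel's generic array_index_mask_nospec():
 * if index >= size, (size - 1 - index) wraps and sets the top bit, which
 * the OR propagates; the NOT then clears it and the arithmetic shift of a
 * non-negative value yields 0. Relies on arithmetic right shift of a
 * negative long, which the compilers the kernel supports guarantee. */
unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    return ~(long)(index | (size - 1UL - index)) >> (sizeof(long) * CHAR_BIT - 1);
}

/* Analogue of array_index_nospec(): an in-range index is returned
 * unchanged, an out-of-range one collapses to 0 with no branch involved. */
unsigned long clamp_index_nospec(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

/* Classic gadget shape: architecturally correct, but the bounds check is a
 * branch the CPU may predict as taken, running the load ahead of it with an
 * attacker-chosen index that points past the table. */
uint8_t lookup_unsafe(unsigned long index)
{
    if (index < TABLE_LEN)
        return table[index];
    return 0;
}

/* Hardened form: the index is clamped by arithmetic that does not depend on
 * the branch outcome, so even a mispredicted check cannot address memory
 * beyond the table during the speculative window. */
uint8_t lookup_hardened(unsigned long index)
{
    if (index < TABLE_LEN) {
        index = clamp_index_nospec(index, TABLE_LEN);
        return table[index];
    }
    return 0;
}
```

Architecturally both lookups return the same results; the difference only matters in the speculative window, which is why tools like Kasper look for the unmasked pattern rather than for observable misbehaviour.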