
CVE-2017-5715 PoC — Intel and ARM CPU information disclosure vulnerability

Associated Vulnerability
Title: Intel and ARM CPU information disclosure vulnerability (CVE-2017-5715)
Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Description: Spectre exploit
Readme
# Spectre attack

![logo](logo.png)

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.

This exploit checks whether your Linux system (x64 only) is vulnerable to Spectre.

# Compile

Just run `make` to compile the source code.

# Run

Execute the exploit:

```
taskset -c 1 ./exploit

[+] Testing for Spectre
[+] Dumping memory from 0xffffffffffdfeea8 to 0xffffffffffdfeec2
[+] Dumped bytes match the expected value
[+] System vulnerable to spectre
```

# Authors

Spectre was independently discovered and reported by two people:

 * Jann Horn (Google Project Zero).
 * Paul Kocher in collaboration with, in alphabetical order, Daniel Genkin (University of Pennsylvania and University of Maryland), Mike Hamburg (Rambus), Moritz Lipp (Graz University of Technology), and Yuval Yarom (University of Adelaide and Data61).

# References

 * [Original Paper - Spectre Attacks: Exploiting Speculative Execution](https://spectreattack.com/spectre.pdf)
 * [The Intel 80x86 Processor Architecture: Pitfalls for Secure Systems](https://pdfs.semanticscholar.org/2209/42809262c17b6631c0f6536c91aaf7756857.pdf)
 * [Immunity: Intel CPU information Leak](https://www.immunityinc.com/downloads/x86leaks_old.pdf)
File Snapshot

```
[4.0K] /data/pocs/f2dc42dd89e0985358c2ca370f18ba610fb38b9a
├── [6.0K] exploit.c
├── [ 43K] logo.png
├── [ 176] makefile
└── [1.4K] README.md

0 directories, 4 files
```