Pawel Wieczorkiewicz
@wipawel
Followers: 1K · Following: 2K · Media: 12 · Statuses: 983
Low Level Security: CPUs, Kernels, Hypervisors and the like. I mostly break stuff. Offensive side of things.
Oława gmina, Polska
Joined January 2013
Sometimes it really is a cpu bug 😂 A weird AVX512 bug on Zen 4 (Genoa) just got officially confirmed as erratum 1514 in the latest spec update. There's a workaround/chicken bit too. My testcase: https://t.co/bbpia3vX1U
However, using its internal ROM patching mechanism allowing controlling execution of each ROM instruction and post-execution analysis of output register context we reconstructed all the PCU 96kb ROM!
Without ASI (what KERNSEAL achieves on top of much more), they're still in the same situation they were in in 2018. Something causes someone to review the code for Spectre gadgets, they fix some, then new ones get added by someone later. Rinse/repeat.
I don’t understand what the fuss is about. This looks like old news to me. I exploited hypervisors using this technique back in 2018/2019. Just use @grsecurity KERNSEAL and forget about this kind of problem.
Vulnerability introduced into the upstream 5.15 and 6.6 LTS (and maybe others), another instance of turning mitigations into no-ops :\
Another small demo, using the gadget from https://t.co/gQBpqheZIH I revert the upstream 2023 fix and show Respectre handling the half Spectre gadget:
IEEE SecDev 2025 @ieeesecdev (Practitioner Session) CFP is open until May 30th. This is the ideal mix between academic and industry session, with very short paper length requirements (2 pages) and a very pragmatic committee. Work in progress projects and idea discussions are
So, what is the Intel CSME full hack (without any recovery possibility)? It is manual calculation of the Chipset Key
Our critical analysis of Intel CSME security architecture
🔥 Last barrier destroyed: The compromise of Fuse Encryption Key in Intel CPUs! Full story by our researcher @_markel___
https://t.co/bOpUh9E9XB
We are looking for a PhD student intern this summer to research optimal heuristics for a new feature of ours that provides finer-grained, context-aware control over fragmentation in the Linux buddy allocator. Fully remote, please email hiring@ if interested.
You can now jailbreak your AMD CPU! 🔥We've just released a full microcode toolchain, with source code and tutorials.
bughunters.google.com
This blog post covers the full details of EntrySign, the AMD Zen microcode signature validation vulnerability recently discovered by the Google Security team.
Proactively backporting bugs to be able to apply a fix. That’s Engineering with a capital E.
These 6.6 backports today are funny. Backporting commits that weren't marked for stable and don't belong in stable, but because some AI picked up a crash fix, they backport multiple patches to backport the bug ("stable deps"), and then the fix for it.
So reachable WARNs get auto-CVE'd by the Linux CNA purely from the possibility of panic_on_warn, a reachable BUG() reported by a researcher needs an essay on threat models before anyone does anything with it. 🤔
Blog post I wrote about an unexpected vulnerability we discovered in the TCP subsystem of the Linux kernel. This one is interesting because it can lead to a UAF even with the reference counter saturation mechanism present. I hope you enjoy it.
While working on an nday vulnerability research project, we stumbled upon a vulnerability in the core of the TCP subsystem of the Linux kernel. We reported it upstream, and it was fixed in May of last year. This blog post shares how we came across it and our vulnerability analysis.
https://t.co/JE68XbHamM Our newest research project is finally public! We can load malicious microcode on Zen1-Zen4 CPUs!
github.com
### Summary Google Security Team has identified a security vulnerability in some AMD Zen-based CPUs. This vulnerability allows an adversary with local administrator privileges (ring 0 from outside...
Analyzing and Exploiting Branch Mispredictions in Microcode