The 2021 Pwnie Nominee For Epic Achievement

Floating Point Value Injection (FPVI)

Researcher Names: Hany Ragab, Enrico Barberis, Herbert Bos and Cristiano Giuffrida (VUSEC)

Link:

Floating Point Value Injection (FPVI) is a new form of speculative execution attack on Intel processors. It allows an attacker to inject arbitrary values into a transient execution window created by a floating-point machine clear. The attacker triggers the attack by having the victim application perform a denormal floating-point operation whose x and y operands are under the attacker's control. The transient z result of that operation is consumed by the subsequent instructions, leaving an observable microarchitectural trace. Our exploit in Mozilla Firefox relies on an attacker-controlled, transiently injected floating-point value that triggers a type confusion on the transient execution path (between the String and Double types), allowing the attacker to transiently leak arbitrary memory locations.