Researchers: Hany Ragab, Enrico Barberis, Herbert Bos and Cristiano Giuffrida
Links:
- https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-29955
- https://www.vusec.net/projects/fpvi-scsb/
CVE: MOZILLA – CVE-2021-29955, INTEL – CVE-2021-0086, AMD – CVE-2021-26314
Floating Point Value Injection (FPVI) allows an attacker to inject arbitrary values into a transient execution window created by a floating-point machine clear.
The attack performs a denormal floating-point operation in the victim application, with the operands x and y under the attacker’s control. The transient result z of the operation is processed by the subsequent instructions, leaving an observable microarchitectural trace. A single floating-point operation can compromise the whole hardware-software stack from JavaScript running in Firefox.
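To make "denormal floating-point operation" concrete, the following added example (not code from the researchers or the advisories) classifies an operation on operands x and y by whether x, y or the result z is an IEEE-754 denormal (subnormal) double. The function names, flag values and sample operands are constructed for illustration.

```c
#include <float.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum op { OP_ADD, OP_SUB, OP_MUL, OP_DIV };

#define DENORM_X 1u   /* operand x is denormal */
#define DENORM_Y 2u   /* operand y is denormal */
#define DENORM_Z 4u   /* result z is denormal  */

/* IEEE-754 binary64 denormal: exponent field all zero, fraction non-zero. */
int is_denormal(double v) {
    uint64_t bits;
    memcpy(&bits, &v, sizeof bits);   /* well-defined way to read the bits */
    return ((bits >> 52) & 0x7FF) == 0 && (bits & 0xFFFFFFFFFFFFFULL) != 0;
}

/* Compute z = x op y and report which of x, y, z are denormal. */
unsigned denormal_flags(enum op o, double x, double y) {
    volatile double z;   /* volatile: force rounding to a 64-bit double */
    switch (o) {
    case OP_ADD: z = x + y; break;
    case OP_SUB: z = x - y; break;
    case OP_MUL: z = x * y; break;
    default:     z = x / y; break;
    }
    return (is_denormal(x) ? DENORM_X : 0u) |
           (is_denormal(y) ? DENORM_Y : 0u) |
           (is_denormal(z) ? DENORM_Z : 0u);
}

int main(void) {
    /* Constructed sample operands, not taken from the advisories. */
    struct { enum op o; double x, y; } s[] = {
        { OP_DIV, 1.0, 3.0 },              /* x, y and z all normal          */
        { OP_DIV, DBL_MIN, 2.0 },          /* normal inputs, denormal result */
        { OP_MUL, 0x1p-1074, 0x1p+100 },   /* denormal input, normal result  */
        { OP_MUL, 1e-200, 1e-120 },        /* normal inputs, denormal result */
    };
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("x=%g y=%g flags=%u\n", s[i].x, s[i].y,
               denormal_flags(s[i].o, s[i].x, s[i].y));
    return 0;
}
```

The second and fourth samples show that two ordinary-looking normal operands are enough to produce a denormal result, so checking inputs alone does not identify these operations.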