Kasper: a tool for finding speculative-execution vulnerabilities
The Systems and Network Security Group at Vrije Universiteit Amsterdam has announced a tool called Kasper that is able to scan the kernel source and locate speculative-execution vulnerabilities:
Namely, it models an attacker capable of controlling data (e.g., via memory massaging or value injection a la LVI), accessing secrets (e.g., via out-of-bounds or use-after-free accesses), and leaking these secrets (e.g., via cache-based, MDS-based, or port contention-based covert channels). As a result, Kasper discovered 1,379 previously unknown gadgets in the heavily-hardened Linux kernel.
The page includes a discussion of a vulnerability in the kernel's linked-list implementation as well as links to the code and the full paper. (Thanks to Paul Wise).