

Proof-of-concept exploit: Intel CPU cache poisoning - yungchin
http://theinvisiblethings.blogspot.com/2009/03/attacking-smm-memory-via-intel-cpu.html

======
markup
Bug has been reported by Intel's own employees and by researchers since 2006,
it seems.

Paper here:
[http://invisiblethingslab.com/resources/misc09/smm_cache_fun...](http://invisiblethingslab.com/resources/misc09/smm_cache_fun.pdf)
Code here: <http://invisiblethingslab.com/resources/misc09/o68-2.tgz>

------
iperry
A quick skim of the paper reveals a relatively short and simple attack, but
its implications are huge. Code running in SMM mode can literally do anything
it wants, and even kernel-level code will find it incredibly difficult or
possibly even impossible to tell if it has been subverted by malicious SMM
code.

