https://blog.qife122.com/tags/%E5%B9%BD%E7%81%B5%E6%BC%8F%E6%B4%9E/ Recent content in 幽灵漏洞 on 办公AI智能小助手 Hugo zh-cn qife Sat, 20 Sep 2025 11:30:14 +0800 https://blog.qife122.com/p/%E6%B7%B1%E5%85%A5%E8%A7%A3%E6%9E%90%E5%B9%BD%E7%81%B5%E6%BC%8F%E6%B4%9Espectre%E5%8F%98%E7%A7%8D1%E4%B8%8E%E5%8F%98%E7%A7%8D2%E6%8A%80%E6%9C%AF%E5%8E%9F%E7%90%86%E4%B8%8E%E5%BD%B1%E5%93%8D/ Sat, 20 Sep 2025 11:30:14 +0800 https://blog.qife122.com/p/%E6%B7%B1%E5%85%A5%E8%A7%A3%E6%9E%90%E5%B9%BD%E7%81%B5%E6%BC%8F%E6%B4%9Espectre%E5%8F%98%E7%A7%8D1%E4%B8%8E%E5%8F%98%E7%A7%8D2%E6%8A%80%E6%9C%AF%E5%8E%9F%E7%90%86%E4%B8%8E%E5%BD%B1%E5%93%8D/ <h1 id="幽灵漏洞spectre变种1与变种2技术解析">幽灵漏洞（Spectre）变种1与变种2技术解析</h1> <h2 id="spectre变种1">Spectre（变种1）</h2> <p>幽灵漏洞的第一个变种允许程序读取其本无权访问的内存。Spectre V1攻击之所以可能，是因为分支预测和推测执行这两种优化的结合。Spectre V1攻击欺骗条件分支预测器跳过安全检查，并在错误的上下文中推测执行指令。这些推测执行指令的效果通过缓存计时侧信道可见。</p> https://blog.qife122.com/p/%E6%B7%B1%E5%85%A5%E8%A7%A3%E6%9E%90%E5%B9%BD%E7%81%B5%E6%BC%8F%E6%B4%9Espectrev1%E4%B8%8Ev2%E5%88%A9%E7%94%A8%E9%A2%84%E6%B5%8B%E6%89%A7%E8%A1%8C%E4%B8%8E%E7%BC%93%E5%AD%98%E4%BE%A7%E4%BF%A1%E9%81%93%E7%9A%84%E6%94%BB%E5%87%BB%E5%8E%9F%E7%90%86/ Sat, 20 Sep 2025 05:10:09 +0800 https://blog.qife122.com/p/%E6%B7%B1%E5%85%A5%E8%A7%A3%E6%9E%90%E5%B9%BD%E7%81%B5%E6%BC%8F%E6%B4%9Espectrev1%E4%B8%8Ev2%E5%88%A9%E7%94%A8%E9%A2%84%E6%B5%8B%E6%89%A7%E8%A1%8C%E4%B8%8E%E7%BC%93%E5%AD%98%E4%BE%A7%E4%BF%A1%E9%81%93%E7%9A%84%E6%94%BB%E5%87%BB%E5%8E%9F%E7%90%86/ <h1 id="幽灵漏洞spectre变体1与变体2技术解析">幽灵漏洞（Spectre）变体1与变体2技术解析</h1> <h2 id="spectre变体1">Spectre（变体1）</h2> <p>幽灵漏洞变体1允许程序读取其本无权访问的内存。Spectre V1攻击之所以可行，是因为分支预测和预测执行两种优化的结合。攻击通过欺骗条件分支预测器跳过安全检查，在错误上下文中预测执行指令，再通过缓存计时侧信道观察这些指令的效果。</p>