Results for Kernel Virtual Address Shadow

Threat Research

A Deep Dive Analysis of Microsoft’s Kernel Virtual Address Shadow Feature

One of the key features of Microsoft‘s patches is the “Kernel Virtual Address Shadow” (a term coined by Microsoft), or KVAS for short. This feature effectively blocks the Meltdown attack, as it leaves very little kernel memory accessible to user mode code. In this blog post we provide a deep dive analysis of this feature.

By Minh TranJanuary 25, 2018