Google has published a blog post about today's CPU vulnerability, identified via Project Zero.

@crschmidt The core exploit, as I understand it:
1. Trigger speculative execution of two things: a read of out-of-bounds memory, and a read of in-bounds memory from a location offset by the speculative out-of-bounds read.
2. Speculation fails, register state gets thrown out, no harm, no foul.
3. However, the in-bounds memory that was read is now in the CPU cache, and which of the potential in-bounds memory locations loads faster gives you what the out-of-bounds value was.

@abe The Project Zero post certainly is long enough to make it seem like it should be more complex than that, but that is relatively straightforward even for me!

@crschmidt There are a lot of steps between "hey I wonder if you could leak side-channel data out of speculative execution" and "we have code that can run in one VM and read memory of another VM"; that's where the bulk of the Project Zero post is.
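Added example, not code from the thread or from the Project Zero post: the bounds-checked read pattern from step 1 above, written in C beside a hardened version that masks the index arithmetically so a speculative out-of-bounds read cannot happen even if the branch is mispredicted (the same idea as the Linux kernel's array_index_nospec). The arrays, sizes and the 64-byte probe stride are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample data (not from the thread). */
#define ARRAY1_SIZE 16
static const uint8_t array1[ARRAY1_SIZE] = { 1, 2, 3, 4, 5, 6, 7, 8,
                                              9, 10, 11, 12, 13, 14, 15, 16 };
/* The "in-bounds memory" from the thread: one 64-byte cache line per
 * possible byte value, so which line lands in cache reveals the byte. */
static uint8_t array2[256 * 64];

/* Fill the probe buffer so array2[v * 64] == v (deterministic test data). */
void probe_init(void) {
    for (size_t i = 0; i < sizeof array2; i++)
        array2[i] = (uint8_t)(i / 64);
}

/* Vulnerable pattern: the check is correct architecturally, but while the
 * branch outcome is still being predicted the CPU may run both loads with
 * an out-of-range idx, pulling array2[array1[idx] * 64] into the cache. */
uint8_t victim_unmasked(size_t idx) {
    if (idx < ARRAY1_SIZE)
        return array2[array1[idx] * 64];
    return 0;
}

/* Branch-free clamp: mask is all ones when idx < size, zero otherwise, so
 * any out-of-range idx becomes 0 without a predictable branch. Production
 * code (e.g. the kernel) uses inline asm here so the compiler cannot turn
 * the comparison back into a branch. */
static inline size_t index_nospec(size_t idx, size_t size) {
    size_t mask = (size_t)0 - (size_t)(idx < size);
    return idx & mask;
}

/* Hardened pattern: the index stays in range on the mispredicted path too,
 * so the dependent load can only touch array2 lines derived from array1. */
uint8_t victim_masked(size_t idx) {
    if (idx < ARRAY1_SIZE) {
        idx = index_nospec(idx, ARRAY1_SIZE);
        return array2[array1[idx] * 64];
    }
    return 0;
}
```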
