Google has published a blog post about Today's CPU vulnerability, identified via Project Zero. https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
There's also a much more detailed post than I will ever understand published by Project Zero: https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
@crschmidt The core exploit, as I understand it:
1. Trigger speculative execution of two things: a read of out-of-bounds memory, and a read of in-bounds memory from a location offset by the speculative out-of-bounds read.
2. Speculation fails, register state gets thrown out, no harm, no foul.
3. However, the in-bounds memory that was read is now in the CPU cache, and which of the potential in-bounds memory locations loads faster gives you what the out-of-bounds value was.
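As an added, constructed simulation (not code from this thread or from Project Zero), the three steps above as a toy model: a bounds check the speculative path ignores, a probe array whose lines act as the cache side channel, and index masking as the assumed mitigation. The cache, memory layout and secret are all made up for the demo; nothing here touches real CPU behaviour.

```python
"""Toy model of the three-step leak: constructed, not real hardware."""

CACHE_LINE = 64            # bytes per line; one probe line per possible byte value
PUBLIC = b"public!!"       # in-bounds data the caller may read (8 bytes, power of two)
SECRET = b"hunter2"        # constructed secret sitting just past the public array
MEMORY = PUBLIC + SECRET   # flat "address space": the secret is out of bounds
PROBE_BASE = 0x10000       # start of the attacker-observable probe array


class Cache:
    """Records which cache lines have been touched; a hit means 'loads faster'."""
    def __init__(self):
        self.lines = set()

    def flush(self):
        self.lines.clear()

    def touch(self, addr):
        self.lines.add(addr // CACHE_LINE)

    def hit(self, addr):
        return (addr // CACHE_LINE) in self.lines


def victim_gadget(idx, cache, mitigated=False):
    """Step 1: the victim's code. Architecturally it rejects out-of-bounds reads,
    but the speculative path runs both loads before the bounds check resolves."""
    if mitigated:
        # Index masking: clamp idx so even the speculative load stays in bounds.
        idx &= len(PUBLIC) - 1
    speculative_value = MEMORY[idx] if idx < len(MEMORY) else 0
    # Step 3: the dependent in-bounds load leaves a footprint in the cache ...
    cache.touch(PROBE_BASE + speculative_value * CACHE_LINE)
    # Step 2: ... while the architectural result is discarded for idx out of bounds.
    return MEMORY[idx] if idx < len(PUBLIC) else None


def leak_byte(idx, mitigated=False):
    """Flush the probe lines, trigger the gadget, then see which line is 'fast'."""
    cache = Cache()
    cache.flush()
    victim_gadget(idx, cache, mitigated)
    hits = [v for v in range(256) if cache.hit(PROBE_BASE + v * CACHE_LINE)]
    return hits[0] if len(hits) == 1 else None


def leak(lo, hi, mitigated=False):
    """Recover MEMORY[lo:hi] purely from the cache footprint."""
    return bytes(leak_byte(i, mitigated) or 0 for i in range(lo, hi))
```

With masking enabled, the same out-of-bounds indices only ever reveal bytes of `PUBLIC`, which is the point of the mitigation.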
@abe The Project Zero post certainly is long enough to make it seem like it should be more complex than that, but that is relatively straightforward even for me!
@crschmidt There are a lot of steps between "hey I wonder if you could leak side-channel data out of speculative execution" and "we have code that can run in one VM and read memory of another VM"; that's where the bulk of the Project Zero post is.