New Micro-Op Cache Vulnerability Evades All Previous Fixes For Spectre-Like Attacks

ffkom writes: Modern x86 and ARM CPUs translate opcodes into ops, which are usually stored in a cache of their own for later re-use. Researchers from the university of Virginia have found a way to exploit this for side-channel attacks, where malicious code exfiltrates information from other processes or virtual machines based on measurable characteristics of the op-cache state, which they describe in their scientific paper.. This side-channel attack evades all previous fixes for SPECTRE-like attacks, and poses yet another difficult-to-address risk to all software that runs on CPUs that are used by possibly malicious code at the same time — like code running on other people’s computers (“the cloud”) or code running on CPUs that at the same time run “sandboxes” with code from some untrusted sources on the Internet.

Read more of this story at Slashdot.

Source link