I'll be the first to admit, I still don't get variant 2. I have only read it like 1/2 times (skimmed once) though. There was a lot to keep up with yesterday. https://twitter.com/scarybeasts/status/949139081933434882
Replying to @int10h
My naive understanding, summarized: you trick the cpu into speculatively executing ROP gadgets that happen to behave like variant-1 in a different privilege context.
Replying to @RichFelker @int10h
I've largely ignored variant 2 because, despite having an additional interesting mechanism needed to cross cpu priv boundaries (BTB injection), it's a symptom of the same underlying speculative exec flaw.
Replying to @RichFelker @int10h
Unfortunately cpu vendors are going to pretend blocking the BTB injection is a fix and that variant 1 isn't a flaw...
3:39 PM - 6 Jan 2018