Basically it seems their engineering teams have, until now, considered it acceptable to have known-to-fault instructions operate on *complete garbage*, ignoring *all* privilege rules, as long as they will never retire.
Show this thread
TL;DR on ZombieLoad: this is like L1TF, where the CPU is using "garbage" data during a fault instead of coercing to zero (except here it's data instead of addresses). It seems this is pervasive problem class across the design of Intel CPUs, not just a single instance.
-
-
-
This is, of course, completely insane from a security perspective, and given that we're now acutely aware of speculation attacks, represents *many* different opportunities for leakage. L1TF and ZombieLoad are on a completely different class from Spectre/Meltdown.
Show this thread -
So my recommendation at this point would be to avoid Intel CPUs for several years if you care about this sort of thing, and OSes *need* to implement hyperthread pair privilege boundary separation, since that's most of the attack surface.
Show this thread
End of conversation
New conversation -
-
-
For a second, I thought this was gonna be a metaphor explaining how CPUs work by comparing it to stuff from Zombieland Saga
-
I should watch that show...
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.