2018-01-04 - postponed fireworks?

looks like the real new year's eve fireworks have been postponed to the January the 3rd – two new security attacks on CPUs have just been released. yes – CPUs. the hardware part – not the software!

looks like we're having a side-channel attack here, that allows to leak information on the parts of the memory, normally inaccessible to the “attacking” process. the thing is ingenious… and terrifying in results.

one of the variants is exploiting the fact, that speculative instruction execution can load memory regions into cache, even if the actual regions would not be normally accessible to the process. TL;DR. when processor “rollbacks” results of a branch misprediction, cached (prefetched) content remains, and this fact can be used to extract content of the original part, using side-channel and timing attacks.

stay tuned for incoming patches, that are designed to minimize the impact… but hit performance, as each kernel-space ↔ user-space transition will now be associated with extra performance penalty. hopefully next generation of CPUs will not have the problem, and we can restore the performance “back to normal”.

with row hammer in pair, the next PC shall have some new series of “patched” CPUs (so that kernels can be restored to faster variants) and ECC memory!