"ZombieLoad": a new set of speculative-execution attacks
"ZombieLoad": a new set of speculative-execution attacks
[Security] Posted May 14, 2019 18:27 UTC (Tue) by corbet
The curtain has finally been lifted on the latest set of speculative-execution vulnerabilities. This one has the delightful name of ZombieLoad; it is also known as "microarchitectural data sampling", but what's the fun in that? Various x86 processors stash data into hidden buffers that can, in some cases, be revealed via speculative execution. Exploits appear to be relatively hard. See this page from the kernel documentation for a fairly detailed description of the problem, and this page for mitigation information.