| Deutsch English Français Italiano |
|
<2024Jul25.124828@mips.complang.tuwien.ac.at> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!news.mixmin.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: anton@mips.complang.tuwien.ac.at (Anton Ertl) Newsgroups: comp.arch Subject: Re: YASV (Yet Another Security Vulnearability) Date: Thu, 25 Jul 2024 10:48:28 GMT Organization: Institut fuer Computersprachen, Technische Universitaet Wien Lines: 23 Message-ID: <2024Jul25.124828@mips.complang.tuwien.ac.at> References: <v7rqbf$1ta84$1@dont-email.me> Injection-Date: Thu, 25 Jul 2024 12:58:57 +0200 (CEST) Injection-Info: dont-email.me; posting-host="727fe2cbfbc5aa2330e92c1788433fc3"; logging-data="2378429"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18TNY4AyS87c8s6D5loT2JK" Cancel-Lock: sha1:brs8m9iTtZCNdfnc5c39IoIdoTQ= X-newsreader: xrn 10.11 Bytes: 1891 Thomas Koenig <tkoenig@netcologne.de> writes: >This time, it's "Indirector". > >https://thehackernews.com/2024/07/new-intel-cpu-vulnerability-indirector.html This article is devoid of any useful information, except that if one looks closely, one finds a link to the page by the authors of the work: https://indirector.cpusec.org/ My understanding is that it actually is not a new vulnerability, but instead more work on Spectre v2: They reverse engineered how indirect branch predictors and BTBs work in current Intel processors. In the page, they write that they used this knowledge "to breach security boundaries across diverse scenarios". OTOH, Intel claims that "no new mitigations or guidance is required" <https://www.intel.com/content/www/us/en/security-center/announcement/intel-security-announcement-2024-07-02-001.html>. - anton -- 'Anyone trying for "industrial quality" ISA should avoid undefined behavior.' Mitch Alsup, <c17fcd89-f024-40e7-a594-88a85ac10d20o@googlegroups.com>