Path: ...!news.nobody.at!news.mb-net.net!open-news-network.org!news.gegeweb.eu!gegeweb.org!nntp.terraraq.uk!.POSTED.tunnel.sfere.anjou.terraraq.org.uk!not-for-mail
From: Richard Kettlewell <invalid@invalid.invalid>
Newsgroups: comp.os.linux.misc
Subject: Re: Uh Oh - NEW Data Leak Found in Intel Processors
Date: Thu, 22 May 2025 21:16:25 +0100
Organization: terraraq NNTP server
Message-ID: <wwvbjrkbduu.fsf@LkoBDZeT.terraraq.uk>
References: <RvGcnU7Jx9kn8LP1nZ2dnZfqn_idnZ2d@giganews.com>
	<100mk8v$asqc$1@news1.tnib.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Injection-Info: innmantic.terraraq.uk; posting-host="tunnel.sfere.anjou.terraraq.org.uk:172.17.207.6";
	logging-data="106197"; mail-complaints-to="usenet@innmantic.terraraq.uk"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
Cancel-Lock: sha1:wwsNq6O6Acm/ZfPJMey1Cz/UNmI=
X-Face: h[Hh-7npe<<b4/eW[]sat,I3O`t8A`(ej.H!F4\8|;ih)`7{@:A~/j1}gTt4e7-n*F?.Rl^
     F<\{jehn7.KrO{!7=:(@J~]<.[{>v9!1<qZY,{EJxg6?Er4Y7Ng2\Ft>Z&W?r\c.!4DXH5PWpga"ha
     +r0NzP?vnz:e/knOY)PI-
X-Boydie: NO
Bytes: 2075
Lines: 20

Marc Haber <mh+usenetspam1118@zugschl.us> writes:
> c186282 <c186282@nnada.net> wrote:
>>https://scitechdaily.com/intels-memory-leak-nightmare-5000-bytes-per-second-in-the-hands-of-hackers/
>>The flaw allows attackers to break down barriers between
>>users sharing the same processor, potentially accessing
>>private data stored in memory.
>
> This is only really relevant for the cloud providers, where multiple
> tenants run code concurrently on the same CPU. It is totally
> irrelevant for home users, and only partially relevant for on-prem
> virtualizsation ("private cloud").

I don’t think that’s correct. The BPRC attack breaches user/kernel,
guest/host and application-internal boundaries (i.e. it undermines
IBPB). Much wider impact than cloud service providers.

https://comsec.ethz.ch/wp-content/files/bprc_sec25.pdf
is the full paper.

-- 
https://www.greenend.org.uk/rjk/