The RIDL and Fallout speculative execution attacks allow attackers to leak confidential data across arbitrary security boundaries on a victim system, for instance compromising data held in the cloud or leaking your information to malicious websites.
[...] RIDL (Rogue In-Flight Data Load) shows attackers can exploit MDS (Microarchitectural Data Sampling) vulnerabilities to mount practical attacks and leak sensitive data in real-world settings.
[....] Fallout demonstrates that attackers can leak data from Store Buffers, which are used every time a CPU pipeline needs to store any data. Making things worse, an unprivileged attacker can then later pick which data they leak from the CPU's Store Buffer.
(Score: 0) by Anonymous Coward on Wednesday May 15 2019, @12:27PM (2 children)
Will there be software fixes? (yes, microcode and OS). Does it affect AMD, or ARM? (no, at least not yet). How much performance will it cost? (no idea). Do you need to disable hyperthreading? (Yes, at least for some CPUs). How serious is this really? (Intel says not too bad, others say it's serious). Is it remotely exploitable? (Yes, via webpage Javascript; not necessarily otherwise).
(Score: 0) by Anonymous Coward on Wednesday May 15 2019, @12:42PM (1 child)
I got an Intel Microcode update yesterday for my Linux Mint system; I'd guess this is the reason (I unfortunately didn't think of checking what it fixes before installing, and I have no idea how to access that information afterwards).
(Score: 2) by rigrig on Wednesday May 15 2019, @04:52PM
$ apt changelog intel-microcode
No one remembers the singer.