[RndTbl] new Spectre-type flaws

Trevor Cordes trevor at tecnopolis.ca
Thu May 16 01:52:39 CDT 2019


The gift that *still* keeps on giving... to infinity and beyond!

https://access.redhat.com/security/vulnerabilities/mds

Short: new "MDS" Microarchitectural Data Sampling class of flaws regarding
writes and reads to CPU cache due to separate store-address and store-data
sub-operations and shared buffer space (much like TLB in other flaws).

Sounds like some of these might be even easier to exploit than Spectre:
like MFBDS, which might not even require a "widget".

Interesting these flaws all have a CVE from 2018... these have been known
(but kept quiet) for a while.

All our computers made slower in ... 3 ... 2 ... 1


More information about the Roundtable mailing list