|
|
|
|
|
|
by _chris_
2927 days ago
|
|
|
> So... they "strongly suspect" (but don't know and haven't shown) there may be a Spectre-class bug enabled by current HT implementations Spectre is about a) leaving side-effects of misspeculation in shared resources, and b) bandwidth contention (between a misspeculated instruction stream and an attacker) to shared resources. It is trivially obvious that HT exacerbates Spectre-class bugs, as the entire raison d'ĂȘtre to HT is to share pipeline resources. How quickly information can be leaked can be up for debate, but it's definitely non-zero. |
|
|