by atq2119
2301 days ago
I found the paper interesting in that I hadn't heard of cache way prediction before, but I kind of have to agree with AMD's assessment here. The attacks outlined in the paper all take the form of setting up an L1 cache structure in some way to induce collisions with other threads (or with the kernel running in the same thread), and then measure when collisions occurred in order to deduce bits of the memory addresses accessed by the other thread (or the kernel). This type of attack has been known for a long time: you can do it just by making sure to evict all of the other thread's cache lines. It seems to be generally agreed upon that it is software's responsibility to guard against this kind of attack. What's new in the paper is that instead of just bits 6 to 11, additional bits of the virtual memory addresses accessed by the other thread can be leaked. That's an interesting result, but I find it questionable how critical it is in practice. Making it easier to break ASLR feels like the biggest potential problem here, and I'm not sure it really is one. |
|