by hashstring
403 days ago
Both exploit Spectre V2, but in different ways. My takeaway:

Training Solo:
- Enter the kernel (and switch privilege level) and “self train” to mispredict branches to a disclosure gadget, leak memory.

Branch predictor race conditions:
- Enter the kernel while your trained branch predictor updates are still in flight, causing the updates to be associated with the wrong privilege level. Again, use this to redirect a branch in the kernel to a disclosure gadget, leak memory.