Note concerning CVE-2020-0550 Snoop-assisted L1D sampling

Snoop-assisted L1D Sampling is a speculative side channel where an
attacker can read the contents of a dirty cache line when the cache line
is read by another CPU.

For the exact cycle where a Snoop Response is being constructed for a
dirty cache line, a faulting/assisting load may be forwarded data from
the cache line.

See
https://software.intel.com/security-software-guidance/insights/deep-dive-snoop-assisted-l1-data-sampling
for further details.

There are no planned mitigations, owing to the complexity of obtaining
data in the first place, and the implausible scenario an attacker would
have to be in to exploit this.

Note: This issue should not be confused with previously disclosed
CVE-2020-0449 L1D Eviction Sampling.

~Andrew,
On behalf of the Xen Security Team

_______________________________________________
Xen-users mailing list
Xen-users@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-users