On Jan 5, 2018, at 8:52 AM, <Paul.Koning%dell.com@localhost> wrote:

so the illegal read is also speculative, and is voided (exception and all) when the wrong branch prediction is sorted out. But it looks like the paper is saying that refinement has not been demonstrated, though such branch prediction hacks have been shown in other exploits. Still, if that can be done, a test for "SEGV too often" is no help.

Actually, the JavaScript exploit works exactly in this way. Sigh.