University of Virginia and University of California San Diego researchers have discovered three new variants of Spectre attacks that are immune to current mitigations. They include (1) “a same thread cross-domain attack that leaks secrets across the user-kernel boundary,” (2) a “cross-SMT thread attack that transmits secrets across two SMT threads via the micro-op cache,” and (3) “transient execution attacks that have the ability to leak an unauthorized secret accessed along a misspeculated path.” All modern processors from AMD (since 2017) and Intel (since 2011) are reportedly affected due to their use of micro-op caches.
[…] at this point there are no kernel patches or microcode updates to pass along. The researchers also believe that any mitigation will come with a “much greater performance penalty” than what was seen with previous attacks. Potential mitigations include flushing the micro-op cache at domain crossings and/or privilege-level-based partitioning of the caches.