Microarchitectural exploitation and other hardware attacks.
Contributions, comments and corrections are welcome; please open a PR.
[ÆPIC Leak] Architecturally Leaking Uninitialized Data from the Microarchitecture
TPM-FAIL / TPM meets Timing and Lattice Attacks
[CVE-2015-0565] Rowhammer based:
Spectre:
[CVE-2017-5753] Spectre-V1 / Spectre v1 / Spectre-PHT / Bounds Check Bypass (BCB)
[CVE-2018-3693] Spectre 1.2 / Meltdown-RW / Read-only protection bypass (RPB)
[CVE-2017-5715] Spectre-V2 / Spectre v2 / Spectre-BTB / Branch Target Injection (BTI)
SpectreNG class:
Spectre RSB (Return Mispredict / Return Stack Buffer (RSB)) based:
Meltdown (Rogue Data Cache Load (RDCL)):
Microarchitectural Data Sampling (MDS):
[CVE-2020-0551] Hijacking Transient Execution with Load Value Injection (LVI)
[CVE-2020-0543] Crosstalk / Special Register Buffer Data Sampling (SRBDS)
Processor MMIO Stale Data based:
Speculative Race Conditions (SRC):
[PACMAN] Attacking ARM pointer authentication with speculative execution
[Lord of the Ring(s)] Side Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical
[Augury] Using Data Memory-Dependent Prefetchers (DMP) to Leak Data at Rest
[CVE-2020-8694 / CVE-2020-8695] PLATYPUS: Software-based Power Side-Channel Attacks on x86
[Hertzbleed] Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86
[CVE-2023-20593] Zenbleed: A use-after-free in AMD Zen2 processors
[CVE-2023-20583] Collide+Power: Leaking Inaccessible Data with Software-based Power Side Channels
[CVE-2023-23583] Reptar: An Intel redundant prefix vulnerability
$ cat /sys/devices/system/cpu/vulnerabilities/*