Sounds like a valid issue!
Jim Bell
On Wednesday, November 14, 2018, 9:36:06 AM PST, Ryan Carboni <[email protected]> wrote:
While many x86 implementation vulnerabilities in the past involve either
electromagnetic emissions or cache timing attacks, I have not read anything
about instruction dispatch contention. According to Agner Fog's research,
Intel's implementation of the x86 instruction set does not dispatch more than
three of a single instruction, and it has been so for a long time. Regardless
of their design decisions for instruction dispatch, this provides a side
channel in which two cooperating processes operating on the same core can
conduct half-duplex communication at the rate of 2 bits per cycle by one
process attempting to compete with another process for the same capacity for
dispatches over a single instruction (0, 1, 2, 3). While I do not have the
resources to know how x86 processors handle dispatch contention issues, if it
is handled in a regular and non-random manner, it would reach that theoretical
level of severity.
This violates certain access controls assumed to be imposed by the kernel.
I suppose I can't collect my quarter-million-dollar prize if I publish this to
the world?