Multiple new variants of the Spectre attacks have been discovered that may affect all modern AMD and Intel processors by taking advantage of the micro-op caches. This vulnerability allows the attacker to steal sensitive info from the data contained in the micro-op cache via multiple methods. Furthermore, since the micro-op cache is an important component of modern CPUs, taking up 20-30% of the die space, patches to fix this security flaw is likely to have a larger impact on performance than previous mitigations.
Update: Intel has responded to our post, claiming that the flaws mentioned in this paper have been already mitigated. Read more here.
In case you’re curious, the micro-op cache is used to bypass the primary decode pipeline in an x86 processor to both speed up the pipeline as well as save power by spending less time on the expensive decode stage. It holds the results of the branch prediction unit in the form of the instruction addresses that the processor expects to fetch for future calculations, thereby bypassing the entire fetch-decode stage that would have otherwise taken much longer. But, because of this very reason, it’s open to various kinds of side-channel attacks.
This paper describes three attacks – (1) a same thread cross-domain attack that leaks secrets across the user-kernel boundary, (2) a cross-SMT thread attack that transmits secrets across two SMT threads via the micro-op cache, and (3) transient execution attacks that have the ability to leak an unauthorized secret accessed along a mis-speculated path, even before the transient instruction is dispatched to execution, breaking several existing invisible speculation and fencing-based solutions that mitigate Spectre.Whitepaper
It bypasses all techniques that mitigate caches as side channels. Furthermore, these attacks pertaining to the micro-op cache are not detected by existing security measures. Lastly, since it sits at the front of the pipeline, well before execution, certain defenses that mitigate Spectre and other transient execution attacks by restricting speculative cache updates still remain vulnerable to micro-op cache attacks. Among the potential mitigations against this vulnerability include flushing the micro-op cache at domain crossings and/or privilege level-based partitioning of the caches.