IBM Power9 processors can speculatively operate on data stored in the L1 cache before it has been completely validated. Unlike other attacks, this attack has limited access to memory and can only access memory normally permissible to the execution context. Power9 systems implement hardware and microcode measures to mitigate unprotected data leakage. An attacker may, however, induce a condition where the operating system speculatively executes instructions using data that the attacker controls. Measuring the access timing of that execution can allow an attacker with a local account to infer memory contents.
Name: Anthony Steinhauser (Google's Safeside Project)
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1900437]
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.