This is a pretty impressive write-up, in my opinion. It’s actually really cool. Well, probably not “really cool” if you have an Intel CPU listed and are in a high target area. But I think it’s really cool.
Snippets from the article:
For the first time, we show that speculative execution enables attackers to leak sensitive information also across cores on many Intel CPUs, bypassing all the existing intra-core mitigations against prior speculative (or transient) execution attacks such as Spectre, Meltdown, etc.
Detailing the Attack
First, on one CPU core, we run the target instructions that potentially interact with the staging buffer. Then, on another CPU core, we try to observe whether the contents of the staging buffer change due to the execution of the target instructions. To make sure that we observe the contents of the staging buffer, we need to ensure that we continuously pull data from the staging buffer.
There is a video, source code repository with the PoC, and full length white paper.
WOW. This org definitely went over the top with their demonstration.
Intel has implemented its mitigation for the SRBDS vulnerability in a microcode update distributed to software vendors on Tuesday June 9, 2020 or earlier.
Link included in “mitigation” in the quote above.
Their professionalism is to be commended, I think. They had a full disclosure with Intel and waited the appropriate amount of time before sending the PoC to the public.
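Since the fix Intel shipped for SRBDS is a microcode update, the practical question for an admin is whether a given box has it. Linux (5.7 and later) reports the kernel's view of this under /sys/devices/system/cpu/vulnerabilities/srbds, and /proc/cpuinfo carries the loaded microcode revision. The script below is an added example, not code from the article or its PoC repository; the classification buckets and the function names are my own, and it falls back to "missing" on kernels that predate the srbds entry so that an absent file is not mistaken for "not affected".

```shell
#!/bin/sh
# Added example: report the kernel's SRBDS (CrossTalk) mitigation status.
# Not part of the article. The sysfs path is the standard Linux one (5.7+);
# the bucket names returned by classify_srbds are this script's own.

SRBDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/srbds

# classify_srbds STATUS_LINE
# Maps the kernel's status line to one of: mitigated, not-affected,
# vulnerable, unknown. "Unknown: Dependent on hypervisor status" (a guest
# that cannot see host microcode) and a "missing" file both land in unknown.
classify_srbds() {
    case "$1" in
        "Not affected")  echo not-affected ;;
        Mitigation:*)    echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# read_srbds_status [FILE]
# Prints the raw sysfs line, or "missing" when the entry does not exist
# (older kernel), so the caller cannot confuse "no entry" with "safe".
read_srbds_status() {
    f=${1:-$SRBDS_SYSFS}
    if [ -r "$f" ]; then
        cat "$f"
    else
        echo missing
    fi
}

# microcode_revision [CPUINFO_FILE]
# Prints the microcode revision of the first CPU listed in /proc/cpuinfo
# (e.g. 0xde), or "unknown" when the file cannot be read.
microcode_revision() {
    f=${1:-/proc/cpuinfo}
    if [ -r "$f" ]; then
        awk -F': ' '/^microcode/ {print $2; exit}' "$f"
    else
        echo unknown
    fi
}

report_srbds() {
    status=$(read_srbds_status)
    echo "srbds sysfs : $status"
    echo "class       : $(classify_srbds "$status")"
    echo "microcode   : $(microcode_revision)"
}

report_srbds
```

Note that "mitigated" here only means the kernel believes the SRBDS microcode is active on this CPU; on a virtual machine the guest can still report unknown because it does not see the host's microcode, and that case should be treated as unresolved rather than safe.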