Distinguished paper award for Post-Barrier Spectre!

A little while ago, we wrote a paper about security problems in the microcode implementation and application of the IBPB instruction, which acts as an important mechanism to mitigate different Spectre variants. As part of this work, we also built the first-ever cross-process Spectre attack that works on a real target. Furthermore, we showed that the way the Linux kernel uses IBPB to mitigate our previous Inception attack is unfortunately insecure. To fix this, we developed a patch that was merged into the Linux kernel.

The work generated some media attention, with articles in The Register, BleepingComputer, CSO Online, Linux Security, Phoronix, TechRadar, and Fudzilla. The paper, which we conveniently titled “Breaking the Barrier: Post-Barrier Spectre Attacks”, just won a distinguished paper award at the flagship IEEE Security and Privacy conference. Our Linux kernel fix had previously been recognized by the Google VRP Patch Rewards Program. You can find more information about our work, including two demos, here.