(no title)

A colleague pointed out that FPAC[1] in ARMV8.6-A likely prevents this attack, is that right?

I haven't fully digested the paper, but the gadgets seem to rely on AUT, and "Implementations with FPAC generate an exception on an AUT* instruction where the PAC is incorrect"

[1] https://community.arm.com/arm-community-blogs/b/architecture...