Hi, author here. Thanks for posting this! I gave a talk yesterday at the 39th Chaos Communication Congress in Hamburg that goes into detail about how the vulnerability works [1]. Short summary, on affected CPUs, all of host physical memory can be read, despite commonly applied software mitigations. On Google Cloud, we were able to leak from all of the physical memory from other tenants as well, without having to interact with the victim virtual machine.[1] https://media.ccc.de/v/39c3-spectre-in-the-real-world-leakin...
boulos|2 months ago
Nice write up and very clever work. I'm surprised by the AWS response that you linked to though (https://aws.amazon.com/blogs/security/ec2-defenses-against-l...).
While I was sure they'd note that Nitro doesn't have this vulnerability due to its design, it seems weird not to talk about Firecracker and Lambda and so on. Maybe those are always on Cascadelake+ hardware? (I also haven't followed this space for 5 years, so maybe I'm asking the wrong question)
thijsr|2 months ago
We had to limit the scope of the project somewhere unfortunately, but it would have been nice to check Firecracker and Lambda as well.
[1] https://github.com/firecracker-microvm/firecracker/blob/main...
Fnoord|2 months ago