https://gruss.cc/files/prefetch.pdf CVE-2023-0597
The CVEs are empty (reserved) until people install the fixes. Fedora already has a fix, as I'm sure many other distros do.
This looks like a bad one. Spectre-like in its scope. Another fundamental flaw in the design of modern CPUs in terms of side-channel attacks.
But this one is on address-space knowledge, allowing the defeat of ASLR/SMAP.
So in that sense it is not a direct attack vector, but one that could be leveraged by other attacks that can benefit from address space knowledge. (I think? Thoughts?)
Yet another fix that is going to slow down our systems. The authors claim "only" up to 5% slowdown. All of these 5% slowdowns from the last 3 years are starting to add up...
It's like the atomic bomb: at times one might wish no one had discovered it... :-/