Researchers Earn $150,000 for L1TF Exploit Leaking Data From Public Cloud
www.securityweek.com/researche…
Last month, the academics reported L1TF Reloaded (PDF), a vulnerability that combines L1TF and half-Spectre to bypass commonly deployed software mitigations and leak sensitive data from the hypervisor and a co-tenant on Google Cloud.
“Using a novel technique based on pointer chasing through the host and guest, we leak all information required to manually perform two-dimensional page table walks in software; with this, we can translate arbitrary virtual guest addresses to host physical addresses, enabling the leakage of any byte in the memory of the victim via L1TF,” the academics note.
Paper at openreview.net/pdf