Exploits: I See Dead µops Leaking Secrets via Micro-Op Caches
https://www.cs.virginia.edu/venkat/papers/isca2021a.pdf
https://duckduckgo.com/?q=micro-op+cache

I See Dead µops: Leaking Secrets via Intel/AMD Micro-Op Caches

New micro-op cache attacks break all Spectre defences. All modern AMD and Intel processors featuring micro-op caches are vulnerable.

Abstract -- Modern Intel, AMD, and ARM processors translate complex instructions into simpler internal micro-ops that are then cached in a dedicated on-chip structure called the micro-op cache. This work presents an in-depth characterization study of the micro-op cache, reverse-engineering many undocumented features, and further describes attacks that exploit the micro-op cache as a timing channel to transmit secret information. In particular, this paper describes three attacks (1) a same thread cross-domain attack that leaks secrets across the user-kernel boundary, (2) a cross-SMT thread attack that transmits secrets across two SMT threads via the micro-op cache, and (3) transient execution attacks that have the ability to leak an unauthorized secret accessed along a misspeculated path, even before the transient instruction is dispatched to execution, breaking several existing invisible speculation and fencing-based solutions that mitigate Spectre.

...

This paper presents a detailed characterization of the micro-op cache in Intel Skylake and AMD Zen microarchitectures, revealing details on several undocumented features. The paper also presents new attacks that exploit the micro-op cache to leak secrets in three primary settings: (a) across the user-kernel boundary, (b) across co-located SMT threads running on the same physical core, but different logical cores, and (c) two transient execution attack variants that exploit the micro-op cache timing channel, bypassing many recently proposed defenses in the literature. Finally, the paper includes a discussion on the effectiveness of the attack under existing mitigations against side-channel and transient execution attacks, and further identifies potential mitigations.
participants (1)
-
grarpamp