X86 dispatch contention vulnerability

Ryan Carboni ryacko at gmail.com
Wed Nov 14 09:34:44 PST 2018

While many x86 implementation vulnerabilities in the past involve either
electromagnetic emissions or cache timing attacks, I have not read anything
about instruction dispatch contention. According to anger fog’s research,
Intel’s implementation of the x86 instruction set does not dispatch more
than three of a single instruction, and it has been so for a long time.
Irregardless of their design decisions for instruction dispatch, this
provides a side channel in which two cooperating processes operating on the
same core can conduct half-duplex communication at the rate of 2 bits per
cycle by one process attempting to compete with another process for the
same capacity for dispatches over a single instruction (0, 1, 2, 3). While
I do not have the resources to know how x86 processors handles dispatch
contention issues, if it is handled in a regular and non-random manner, it
would reach that theoretical level of severity.

This violates certain access controls assumed to be imposed by the kernel.

I suppose I can’t collect my quarter million dollar prize if I publish this
to the world?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1156 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20181114/d67c8a5c/attachment.txt>

More information about the cypherpunks mailing list