Exploits

Useful terms

Branch Predictor Unit (BPU)

A branch predictor is a digital circuit that tries to guess which way a branch (e.g., an if-then-else structure) will go before this is known definitively. Without branch prediction, the processor would have to wait until the conditional jump instruction has passed the execute stage before the next instruction could enter the fetch stage of the pipeline. The branch predictor avoids this stall by guessing whether the conditional jump is most likely to be taken or not taken, and the pipeline speculatively continues down the guessed path; a mispredict throws that speculative work away, but (as the entries below show) not all of its side effects. Very good image: Branch predictor - Wikipedia [3]

Branch Target Buffer (BTB)

The BTB is a small cache that stores, for each recently executed branch, a tag (derived from the branch's address) and the target address it jumped to. The BPU looks up the address of the current branch in it to predict where an indirect or taken branch goes; Spectre-V2 and BHI below are both about controlling what that lookup returns.

Stack Smashing

Also known as stack buffer overflow: write past the end of a stack buffer to overwrite memory that would normally be out of reach, most importantly the saved return address, so that the function "returns" into attacker-supplied code placed in the buffer. The basic form was rendered mostly useless because the stack (and other writable memory) is now mapped non-executable (NX/DEP/W^X), so code placed in the buffer cannot run, and stack canaries detect the overwrite before the function returns. [1]

Return-oriented programming (ROP)

The big brother of #Stack Smashing. Since the buffer can no longer be executed, the overwritten return address (and the stack words after it) are instead pointed at short instruction sequences ending in `ret` ("gadgets") that already exist in the process or its libraries. Each gadget's `ret` pops the next attacker-controlled word off the stack, so the chain of addresses drives the process through its own code to do the attacker's work without executing a single injected byte, which is why NX alone does not stop it. [2]
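The two entries above, worked through as an added example (not from the original notes): a model of a stack frame that gets smashed by an unbounded copy, and of the ROP chain that the overwritten return address starts. The frame layout, the two-gadget "library" and the gadget addresses (indices into a table) are assumptions made for illustration; a real exploit uses the addresses of instruction sequences in the loaded binary and libc.

```c
/* Added example: stack smash into a ROP chain, modelled in plain C so it runs
 * anywhere. Frame layout, gadget table and "addresses" are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GADGET_POP_RDI 0   /* stands for the address of "pop rdi ; ret" */
#define GADGET_CALL    1   /* stands for the address of a function using rdi */

/* Typical x86-64 frame of a function with a 16-byte local buffer: the buffer,
 * the saved frame pointer, then the return address and the caller's stack.
 * Overflowing buf runs straight into the fields that follow it. */
struct frame {
    char     buf[16];
    uint64_t saved_rbp;
    uint64_t words[4];  /* words[0] = return address, words[1..] = caller's stack */
};

/* Vulnerable: unbounded copy (what strcpy/gets do). Written through a byte
 * pointer to the whole frame so the model stays defined behaviour. */
static void vulnerable_copy(struct frame *f, const uint8_t *src, size_t len) {
    if (len > sizeof *f) len = sizeof *f;   /* only bound: the size of the model */
    memcpy((uint8_t *)f, src, len);
}

/* Hardened: refuse anything that does not fit in the buffer. */
static int bounded_copy(struct frame *f, const uint8_t *src, size_t len) {
    if (len > sizeof f->buf) return -1;
    memcpy(f->buf, src, len);
    return 0;
}

/* Minimal machine for the ROP part: one argument register, a stack pointer
 * walking the attacker-controlled words, and a log of what got called. */
struct machine {
    uint64_t rdi;
    const uint64_t *stack;
    size_t sp, top;
    char log[48];
};

typedef void (*gadget_fn)(struct machine *);

/* "pop rdi ; ret": consumes the next stack word as an argument. */
static void g_pop_rdi(struct machine *m) { m->rdi = m->stack[m->sp++]; }

/* An existing function in the process (think system()) that uses rdi. */
static void g_call(struct machine *m) {
    snprintf(m->log, sizeof m->log, "called(0x%llx)", (unsigned long long)m->rdi);
}

static const gadget_fn gadgets[] = { g_pop_rdi, g_call };

/* The ret loop: every gadget ends in ret, which pops the next word and jumps
 * to it, so attacker data on the stack drives the control flow. */
static void run_chain(struct machine *m) {
    while (m->sp < m->top) {
        uint64_t addr = m->stack[m->sp++];
        if (addr >= sizeof gadgets / sizeof gadgets[0]) return; /* ret into garbage */
        gadgets[addr](m);
    }
}

/* Payload: filler up to the return address, then the chain
 * [pop_rdi, 0xdeadbeef, call]. Returns the payload length. */
static size_t build_payload(uint8_t *out, size_t cap) {
    const uint64_t chain[] = { GADGET_POP_RDI, 0xdeadbeefULL, GADGET_CALL };
    size_t off = offsetof(struct frame, words);
    if (cap < off + sizeof chain) return 0;
    memset(out, 'A', off);                  /* buf + saved_rbp: contents irrelevant */
    memcpy(out + off, chain, sizeof chain); /* lands on the return address and above */
    return off + sizeof chain;
}

/* Smash the frame with the vulnerable copy, then "return" from the function.
 * Returns the number of chain words consumed. */
static size_t exploit_demo(struct machine *m) {
    uint8_t payload[64];
    struct frame f;
    size_t len = build_payload(payload, sizeof payload);
    memset(&f, 0, sizeof f);
    vulnerable_copy(&f, payload, len);
    memset(m, 0, sizeof *m);
    m->stack = f.words;
    m->top = (len - offsetof(struct frame, words)) / sizeof(uint64_t);
    run_chain(m);          /* the function's own ret starts the chain */
    m->stack = NULL;       /* f goes out of scope below */
    return m->sp;
}

/* Same payload against the hardened copy: rejected, return address untouched. */
static int hardened_demo(uint64_t *ret_addr_out) {
    uint8_t payload[64];
    struct frame f;
    size_t len = build_payload(payload, sizeof payload);
    memset(&f, 0, sizeof f);
    int rc = bounded_copy(&f, payload, len);
    *ret_addr_out = f.words[0];
    return rc;
}

int main(void) {
    struct machine m;
    uint64_t ret;
    exploit_demo(&m);
    printf("chain: rdi=0x%llx %s\n", (unsigned long long)m.rdi, m.log);
    printf("hardened: rc=%d ret_addr=0x%llx\n", hardened_demo(&ret), (unsigned long long)ret);
    return 0;
}
```

Note that nothing in the payload is ever executed as code: the 'A' filler is never jumped to, only the words that land on and above the return address matter, and they are merely addresses of code that was already there. That is the property that makes NX irrelevant and is why the real countermeasures are canaries (catch the overwrite before the first ret) and ASLR (make the gadget addresses unknown).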

Spectre-V2

Also called branch target injection. The BTB is shared by everything running on a core and its entries are selected by the branch's address, without checking which process or privilege level trained them, meaning that anyone can overwrite it with junk: an unprivileged attacker trains the predictor on a branch that aliases with a victim's indirect branch, so the victim speculatively jumps to an attacker-chosen gadget; the mispredict is rolled back, but the gadget's memory accesses leave cache traces that leak the victim's data. Well explained in [4].

Branch History Injection (BHI)

Inspired by #Spectre-V2. Mitigations such as eIBRS stop user mode from injecting BTB targets that the kernel will use, but the branch history (the record of recently taken branches that the BPU mixes into its BTB lookup) is still shared across privilege levels. The attacker executes a specific pattern of branches in user space to set that history, then enters the kernel with a syscall; the kernel's indirect branch now picks an attacker-chosen one of the kernel's own BTB targets, so the kernel speculatively runs a gadget of the attacker's choosing and leaks kernel memory through the cache. [4]

Register File Data Sampling (RFDS)

RFDS is a microarchitectural vulnerability which, in some situations, may allow an attacker to infer data values previously used (left behind) in floating point registers, vector registers, or integer registers. RFDS only affects Intel Atom® processors, which includes the E-cores on Alder Lake and Raptor Lake hybrid parts. On Linux the kernel reports whether a CPU is affected and whether the microcode plus VERW-on-kernel-exit mitigation is in place in /sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling.

Sources: