BranchScope: New CPU Side-Channel Attack
A new side-channel attack that takes advantage of the speculative execution feature of modern processors to recover data from targeted users' CPUs has been disclosed (http://www.cs.ucr.edu/~nael/pubs/asplos18.pdf). It targets the "branch prediction" operations —which is the same part of a CPU speculative execution process as the one targeted by "Spectre variant 2". However, while "Spectre 2" exploits the Branch Target Buffer (BTB), BranchScope exploits the Directional Branch Predictor (DBP).
Information Disclosure, Privilege Escalation