Analyzing and Exploiting Branch Mispredictions in Microcode

Published in arXiv preprint, 2025

Recommended citation: Nicholas Mosier, Hamed Nemati, John C. Mitchell, Caroline Trippel. Analyzing and exploiting branch mispredictions in microcode, arXiv preprint. https://doi.org/10.48550/arXiv.2501.12890

We present µSpectre, a new class of transient execution attacks that exploit microcode branch mispredictions to transiently leak sensitive data. We find that many long-known and recently discovered transient execution attacks, which were previously categorized as Spectre or Meltdown variants, are actually instances of µSpectre on some Intel microarchitectures. Based on our observations, we discover multiple new µSpectre attacks and present a defense against µSpectre vulnerabilities, called µSLH.
