Flushgeist: Cache Leaks from Beyond the Flush
The paper exposes a critical vulnerability in hardware security for systems that rely on cache flush instructions, and calls for the affected countermeasures to be revised.
The paper tackles the problem of cache leaks that persist after flush instructions such as clflush and wbinvd, which are used as countermeasures against access-based cache attacks, and finds that several Intel caches still leak information after a flush, invalidating the security assumptions built on those instructions.
Flushing the cache, using instructions like clflush and wbinvd, is commonly proposed as a countermeasure against access-based cache attacks. In this report, we show that several Intel caches, specifically the L1 caches in some pre-Skylake processors and the L2 caches in some post-Broadwell processors, leak information even after being flushed through clflush and wbinvd instructions. That is, security-critical assumptions about the behavior of clflush and wbinvd instructions are incorrect, and countermeasures that rely on them should be revised.
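As an added example (not from the paper and not the authors' measurement setup), a user-space C harness that checks whether clflush actually pushes a line out to memory latency on the machine it runs on; a flush after which the load latency stays near the cached figure is one a countermeasure cannot rely on. The 64-byte line size, the 2x threshold and TSC-based timing are assumptions, and wbinvd is privileged so it is not exercised here.

```c
#include <stdint.h>
#include <stdlib.h>
#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>
#define HAVE_X86 1   /* on other architectures the check reports itself unsupported */
#endif
#define SAMPLES 64
/* Median load latency (TSC ticks) with the line cached vs. right after clflush. */
struct flush_report { int supported; uint64_t cached_cycles, flushed_cycles; };

static int cmp_u64(const void *a, const void *b) {
    uint64_t x = *(const uint64_t *)a, y = *(const uint64_t *)b;
    return (x > y) - (x < y);
}

#ifdef HAVE_X86
/* One fenced, timed load of *p; the empty asm consumes v so the load is not dropped. */
static uint64_t timed_load(volatile uint8_t *p) {
    unsigned aux; _mm_mfence(); _mm_lfence();
    uint64_t t0 = __rdtsc();
    uint8_t v = *p;
    uint64_t t1 = __rdtscp(&aux);
    __asm__ volatile("" :: "r"(v));
    return t1 - t0;
}
#endif

/* Warm a line, time a hit, clflush it, time the next load; report medians over SAMPLES. */
struct flush_report check_clflush(void) {
    struct flush_report r = {0, 0, 0};
#ifdef HAVE_X86
    r.supported = 1;
    static volatile uint8_t line[64] __attribute__((aligned(64)));  /* 64-byte line assumed */
    uint64_t cached[SAMPLES], flushed[SAMPLES];
    for (int i = 0; i < SAMPLES; i++) {
        timed_load(line);                            /* bring the line into the cache */
        cached[i] = timed_load(line);
        _mm_clflush((const void *)line); _mm_mfence();
        flushed[i] = timed_load(line);
    }
    qsort(cached, SAMPLES, sizeof cached[0], cmp_u64);  r.cached_cycles = cached[SAMPLES / 2];
    qsort(flushed, SAMPLES, sizeof flushed[0], cmp_u64); r.flushed_cycles = flushed[SAMPLES / 2];
#endif
    return r;
}

/* Post-flush latency that stays near the cached figure means the flush did not evict. */
int flush_looks_effective(struct flush_report r) {
    return r.supported && r.flushed_cycles > 2 * r.cached_cycles;
}
```

Run it on each CPU model a countermeasure is deployed to; the threshold only catches a line that was not evicted at all, not the subtler residual state the paper reports, so it is a sanity check rather than a proof of safety.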