In order to exploit the vulnerability, an attacker needs to:
- gain local access on the machine
- break kASLR
- find gadgets in the running kernel in order to use them in the exploit
- potentially create and pin an additional workload on the sibling thread, depending on the microarchitecture (not necessary on fam 0x19)
- run the exploit
The fact that breaking kASLR is required for this and the considerably complex exploit chain compared to others makes me worry about this a lot less compared to the exploitable-from-JS ones.
I'll wait for some benchmarks to come out from Phoronix or similar and depending on how bad the perf hit is, I will consider disabling mitigations for this on my personal computer.
If someone has gotten a malicious binary running on my machine - even without root permissions - it's already over anyway.
Breaking KASLR is also required for the original Spectre attack (and Inception can break it by itself). In fact, the threat model of Inception is identical to that of original Spectre. Inception may be more complicated, but the requirements are the same.