Emergence

A detailed timeline can be found here. RIDL was reported to Intel in 2018, prompting Intel to issue microcode updates. The story from Intel’s perspective is here. The response from Intel was to release MD_CLEAR functionality. On processors that enumerate MD_CLEAR, verw or L1D_FLUSH should be used to cause the processor to overwrite the affected buffers.

Mechanisms

RIDL can exploit Line Fill Buffers and Load Ports. LFB implements multiple MSHRs to enable a non-blocking cache.

Fallout leaks data from Store Buffers by forwarding a store value to a faulting or assisting load.

ZombieLoad’s authors deduce that the leakage sources are not only limited to LFB but possibly including the load buffer. LFB serves as an interface to other caches and the main memory and keeps track of outstanding loads. Memory accesses to uncacheable memory regions, and non-temporal moves all go through the LFB.