Suggested topic of discussion: https://comsec.ethz.ch/research/microarch/retbleed/ Retbleed: Arbitrary Speculative Code Execution with Return Instructions Retbleed (CVE-2022-29900 and CVE-2022-29901) is the new addition to the family of speculative execution attacks that exploit branch target injection to leak information, which we call Spectre-BTI. Unlike its siblings, who trigger harmful branch target speculation by exploiting indirect jumps or calls, Retbleed exploits return instructions. This means a great deal, since it undermines some of our current Spectre-BTI defenses. On Thu, Jul 14, 2022 at 12:15:19PM -0400, Tim Keller via WLUG wrote:
Hey Gang,
I'd like to start by apologizing. There's been some illness and other stuff going on and I've focused a bit less on WLUG than I'd like. Thankfully things are getting sorted out at my end and I will be focusing much more on WLUG.
Tonight the meeting is going to be online. With the late announcement combined with only myself and John in person, it makes more sense to just have it online for this month. I plan on reaching out to the WPI people and seeing about doing in person meetings there for August hopefully. I'd also like to have a WLUG bbq at some point as well.
We'll have our meeting at the same time and same place and like usual, it's going to be awesome. Jitsi: https://meet.jit.si/WlugMA Time: 7pm
Later, Tim.