Spectre in the real world: Leaking your private data from the cloud with CPU vulnerabilities
Thijs Raymakers
39th Chaos Communication Congress (39C3): Power Cycles · Day 4 · Saal Zero
Eight years after the initial disclosures of **Spectre** and **Meltdown**, CPU vulnerabilities continue to challenge the fundamental security boundaries of modern computing. This talk, "Spectre in the real world: Leaking your private data from the cloud with CPU vulnerabilities," presented by Thijs Raymakers, delves into the practical exploitability of these hardware flaws within multi-tenant cloud environments. Raymakers demonstrates a novel attack chain that combines two known CPU vulnerabilities, **L1TF** and **Half-Spectre**, to stealthily exfiltrate sensitive data from co-located virtual machines (VMs) hosted by major cloud providers.