Under the "How difficult is it to exploit" in the FAQ they mention it's very easy and with 100% success. Yet the text itself says this:
In our analysis of the RMP initialization, we observed that the malicious hypervisor running on the x86 cores can still create dirty cachelines pointing to DRAM. [...] As depicted in (c), the malicious hypervisor can use the primitive to get arbitrary unchecked writes to RMP memory.
So it would seem it's easy as long as you managed to install a malicious hypervisor...
Of course not great, with supply chain attacks being a serious cause for concern. Still, hardly "easy" if it requires hijacking a core piece of infrastructure?
magicalhippo•1h ago