"#BlindSide allows attackers to [...] mount #BROP-style #attacks in the #speculative execution domain to repeatedly probe and #derandomize the #kernel address space, craft arbitrary memory read gadgets, and enable reliable exploitation. This works even in the face of strong randomization schemes, e.g., the recent #FGKASLR or fine-grained schemes based on execute-only memory, and state-of-the-art mitigations against #Spectre and other transient execution attacks."
https://www.vusec.net/projects/blindside/
#InfoSec