Spectre 10 _verified_ Jun 2026

Attacker measures access time to each array2 page:

: Some systems provide controls to disable speculative execution or to tightly control it, which can mitigate Spectre attacks but may also impact performance. spectre 10

The CPU uses a and Pattern History Table (PHT) to guess direction/target. Spectre poisons these predictors to cause the victim to speculatively execute attacker-controlled code. Attacker measures access time to each array2 page:

:

Example command (Linux):