Reading privileged memory with a side-channel
Spectre-SSB: Speculative Store Bypass
Speculative Buffer Overflows: Attacks and Defenses
Spectre Returns! Speculation Attacks using the Return Stack Buffer
A Systematic Evaluation of Transient Execution Attacks and Defenses
Speculative Probing: Hacking Blind in the Spectre Era
Bypassing memory safety mechanisms through speculative control flow hijacks
KASPER: Scanning for Generalized Transient Execution Gadgets in the Linux Kernel
RETBLEED: Arbitrary Speculative Code Execution with Return Instructions
RAMBleed: Reading Bits in Memory Without Accessing Them
NetCAT: Practical Cache Attacks from the Network
LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection