Trying to construct a timeline of  , because some things don’t compute. This post will be updated! If you want to add/correct something, please comment.

The CVE numbers 2017-5715, 2017-5753 and 2017-5754 are assigned to/reserved by Intel. (I guess they asked for being assigned a range).

Bosman et al publish their findings how ASLR can be abused on cachebased architectures at the NDSS Symposium. [5]

Some time before June, 2017
The two attack vectors, now combined as , are independently found by Google’s Project Zero researchers and researchers from the academic world. [1]

The findings are shared with Intel, AMD and Arm. [1] footnote 1

Some time before 2017-07-28
attack vector is identified and shared with Intel (also AMD, ARM?) (by the same group?) [1] footnote 1

Anders Fogh publishes his findings (found independently?) called “Negative Result: Reading Kernel Memory From User Mode” [3]

Intel informs partners and other interested parties under NDA. [2]

The CRD (Coordinated Release Date) is agreed upon to be 2018-01-09 by many parties involved. [2]

Apple releases iOS 11.2, MacOS 10.13.2 and TVos 11.2. These update contain fixes for but that is not mentioned in the release notes.

The sweetpython post appears, speculating about what’s behind the Linux kernel patches called PTI [4]

The Register publishes an article titled “Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign” that puts enough of the information together. [6]

Bosman posts on Twitter about a working reproducer for [7]

Google breaks the agreed CRD and makes everything public. Amazon, Google, Microsoft declare their respective clouds are patched and safe.