"The goal of the attack is to gain access to the normally very
well protected SMM (system management mode) space. From there you
would be able to load your SMM rootkit into SMM space giving you
full control over the hypervisor or operation system. Another
benefit is that your rootkit would be almost undetectable by the
operating system. According to the whitepaper: "The memory
controller offers dedicated locks to limit access to only to system
firmware (BIOS)."
"The exploit uses a form of Intel cache poisoning to get access
to the SMM space that is supposed to be only accessible from system
BIOS. Caching is used to increase performance of your computer. The
CPU will use cached data first if it exists. So if you can replace
the cache data with your own malicious data then you can be assured
that it will be used in favor of the real data."
