Pacman (security vulnerability)

Pacman[a] is a side-channel vulnerability in certain ARM CPUs that was made public by Massachusetts Institute of Technology security researchers on June 10, 2022.

[3] Like Spectre, Pacman abuses two CPU optimizations, speculative execution driven by branch prediction and memory caching, to build a PAC oracle: a way for an attacker to test whether a guessed pointer authentication code is correct without a wrong guess ever causing the program to fault.

[4] Pointer authentication (PAC) is a security feature of ARMv8.3-A processors that mitigates return-oriented programming and similar control-flow hijacking by storing a cryptographic signature, the pointer authentication code, in the otherwise unused upper bits of a pointer. The signature is verified before the pointer is used, so an attacker who overwrites a pointer must also produce a valid PAC for it.
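To make the PAC layout concrete, the following is an added toy model, not the hardware algorithm and not code from the Pacman paper. It assumes 48-bit virtual addresses with the top byte not ignored, so bits 48 to 62 are free to hold a 15-bit PAC, and it replaces the hardware's keyed cipher with a simple 64-bit mixing function that is only meant to depend on key, address and modifier. The pointer value, key and modifier in main() are constructed for the demonstration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Toy model of ARMv8.3 pointer authentication (added example, not the
 * hardware algorithm).  Assumptions: 48-bit virtual addresses, no top-byte
 * ignore, so bits 48..62 (15 bits) hold the PAC; bit 63 is left untouched. */
#define VA_BITS   48
#define PAC_SHIFT VA_BITS
#define PAC_BITS  15
#define PAC_MASK  ((((uint64_t)1 << PAC_BITS) - 1) << PAC_SHIFT)

/* Stand-in for the hardware's keyed cipher (QARMA on real cores): a 64-bit
 * mix of key, address and modifier.  Not cryptographically secure. */
static uint64_t toy_mac(uint64_t key, uint64_t ptr, uint64_t modifier)
{
    uint64_t x = key ^ (ptr * 0x9E3779B97F4A7C15ULL) ^ (modifier * 0xC2B2AE3D27D4EB4FULL);
    x ^= x >> 31; x *= 0xBF58476D1CE4E5B9ULL;
    x ^= x >> 29; x *= 0x94D049BB133111EBULL;
    x ^= x >> 32;
    return x;
}

/* PAC*: sign the address bits under (key, modifier) and store the truncated
 * MAC in the upper bits.  The modifier is the "context" that binds the
 * signature to one use (for return addresses on real cores, the stack pointer). */
uint64_t pac_sign(uint64_t key, uint64_t ptr, uint64_t modifier)
{
    uint64_t addr = ptr & ~PAC_MASK;
    return addr | ((toy_mac(key, addr, modifier) << PAC_SHIFT) & PAC_MASK);
}

/* AUT*: recompute and compare.  On success the PAC is stripped and the plain
 * pointer returned.  On failure the pointer is left non-canonical (error bits
 * set in the PAC field) so that a later load or branch through it faults; the
 * AUT itself raises no exception, which is what leaves room for a speculative
 * load through the result to act as an oracle. */
uint64_t pac_auth(uint64_t key, uint64_t signed_ptr, uint64_t modifier)
{
    uint64_t addr = signed_ptr & ~PAC_MASK;
    if (pac_sign(key, addr, modifier) == signed_ptr)
        return addr;
    return addr | ((uint64_t)3 << (PAC_SHIFT + PAC_BITS - 2));  /* poisoned */
}

bool is_canonical(uint64_t ptr) { return (ptr & PAC_MASK) == 0; }

/* What an attacker without the key must do: try PAC values until one
 * authenticates.  Returns the number of guesses needed (at most 2^PAC_BITS).
 * pac_auth plays the role of the oracle that the side channel provides. */
unsigned brute_force_pac(uint64_t key, uint64_t addr, uint64_t modifier)
{
    for (uint64_t g = 0; g < ((uint64_t)1 << PAC_BITS); g++) {
        uint64_t candidate = (addr & ~PAC_MASK) | (g << PAC_SHIFT);
        if (is_canonical(pac_auth(key, candidate, modifier)))
            return (unsigned)g + 1;
    }
    return 0;  /* unreachable: the correct PAC is always in range */
}

int main(void)
{
    /* Constructed values for the demonstration. */
    uint64_t key = 0x0123456789ABCDEFULL, sp = 0x7ffe00001000ULL, ret = 0x100000ABCDULL;
    uint64_t signed_ret = pac_sign(key, ret, sp);
    printf("signed %#llx -> authenticates: %d\n", (unsigned long long)signed_ret,
           pac_auth(key, signed_ret, sp) == ret);
    printf("guesses needed: %u of %u\n", brute_force_pac(key, ret, sp), 1u << PAC_BITS);
    return 0;
}
```

The brute-force loop is what makes the oracle valuable: with a 15-bit PAC there are only 32768 candidates, which is trivial to enumerate if, and only if, a wrong guess does not crash the victim. Without the side channel each wrong guess faults when the poisoned pointer is used, and the enumeration is not survivable.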

When the CPU reaches a conditional branch whose condition is not yet known, the branch predictor guesses the outcome and the CPU keeps executing along the predicted path instead of waiting. Instructions executed during this period are 'speculative', and the CPU holds their results in the re-order buffer (ROB) without writing them back to registers or memory.

Once the CPU finishes evaluating the condition and determines that its initial prediction was correct, it 'retires' the instructions in the ROB, committing their results to architectural state and delivering any exceptions they raised. If the prediction was wrong, the speculative results are discarded instead, but any effect they had on the cache remains.

Caching keeps recently used data in small, fast memories close to the core. This lowers the cost of a memory access from hundreds of cycles to fewer than ten by avoiding a round trip to the memory controller and the physically separate RAM.

[11] Ravichandran et al. demonstrate that the cache-based Prime+Probe technique can be used to determine whether a speculative load instruction executed: the attacker fills a cache set with their own lines, lets the victim run, and then times accesses to those lines; a slow access means one of them was evicted by the victim's load.

Because the branch is predicted taken, the CPU speculatively executes the body of the if statement before eventually detecting the misprediction, flushing the pipeline and rolling back the speculative results.

[13] During this speculative execution, two things can occur: if the guessed PAC is correct, the load through the authenticated pointer executes and brings its cache line into the cache; if the guess is wrong, the load does not execute and the cache is left untouched. The attacker then measures the access time for each element in their eviction set: a slow access means one of their lines was evicted, so the load ran and the guessed PAC was correct.

[Figure: A simplified schematic of a set-associative cache. The index bits of the address select one set; comparators match the tag of each line in that set against the tag bits of the address, and a multiplexer selects the matching line.]
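The following is an added C model of the set-associative cache in the figure and of one Prime+Probe round against it, serving both the Prime+Probe description and the eviction-set timing step above. It is not code from the Pacman paper. The geometry (64-byte lines, 8 ways, 128 sets, LRU replacement) and the attacker buffer region at 0x100000000 are assumptions, the victim address is constructed, and the timing measurement of a real attack is replaced by the model's deterministic hit/miss result; whether the gadget's speculative load executed (true exactly when the PAC guess was correct) is passed in as a flag rather than derived from pointer authentication.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example: set-associative cache with LRU replacement, plus one
 * Prime+Probe round.  Assumed geometry: 64-byte lines, 8 ways, 128 sets.
 * An address splits into [ tag | set index (7 bits) | line offset (6 bits) ]. */
#define LINE_BITS 6
#define SET_BITS  7
#define NSETS     (1u << SET_BITS)
#define NWAYS     8
/* Attacker-controlled buffer, assumed disjoint from victim addresses. */
#define ATTACKER_REGION 0x100000000ULL

typedef struct { uint64_t tag[NWAYS]; uint64_t age[NWAYS]; } cache_set_t; /* age 0 = empty */
typedef struct { cache_set_t sets[NSETS]; uint64_t clock; } cache_t;

unsigned set_index(uint64_t addr) { return (unsigned)(addr >> LINE_BITS) & (NSETS - 1); }
uint64_t tag_of(uint64_t addr)    { return addr >> (LINE_BITS + SET_BITS); }

/* Access one line; returns true on a hit.  A miss fills the least recently
 * used way of the selected set, evicting whatever was there. */
bool cache_access(cache_t *c, uint64_t addr)
{
    cache_set_t *s = &c->sets[set_index(addr)];
    uint64_t tag = tag_of(addr);
    int lru = 0;
    c->clock++;
    for (int w = 0; w < NWAYS; w++) {
        if (s->age[w] != 0 && s->tag[w] == tag) { s->age[w] = c->clock; return true; }
        if (s->age[w] < s->age[lru]) lru = w;
    }
    s->tag[lru] = tag;
    s->age[lru] = c->clock;
    return false;
}

/* Eviction set: NWAYS attacker addresses that share the victim's set index
 * (same bits 6..12) but carry different tags, so together they fill the set. */
void build_eviction_set(uint64_t victim, uint64_t ev[NWAYS])
{
    uint64_t stride = (uint64_t)1 << (LINE_BITS + SET_BITS);   /* next alias of the set */
    uint64_t base = ATTACKER_REGION | (victim & (stride - 1));
    for (int i = 0; i < NWAYS; i++)
        ev[i] = base + (uint64_t)i * stride;
}

/* Sanity check a practitioner runs first: every member maps to the victim's
 * set and none of them is the victim's own line. */
bool eviction_set_aliases(uint64_t victim)
{
    uint64_t ev[NWAYS];
    build_eviction_set(victim, ev);
    for (int i = 0; i < NWAYS; i++)
        if (set_index(ev[i]) != set_index(victim) || tag_of(ev[i]) == tag_of(victim))
            return false;
    return true;
}

/* One Prime+Probe round.  `load_executed` stands in for the gadget's
 * speculative load through the authenticated pointer.  Returns the number of
 * eviction-set lines that missed on the probe (evictions caused by the victim). */
int prime_probe(cache_t *c, uint64_t victim, bool load_executed)
{
    uint64_t ev[NWAYS];
    build_eviction_set(victim, ev);
    for (int i = 0; i < NWAYS; i++)              /* prime: fill the whole set */
        cache_access(c, ev[i]);
    if (load_executed)                           /* victim's speculative load */
        cache_access(c, victim);
    int misses = 0;                              /* probe in reverse order so  */
    for (int i = NWAYS - 1; i >= 0; i--)         /* the probe cannot evict its */
        if (!cache_access(c, ev[i])) misses++;   /* own not-yet-probed lines   */
    return misses;
}

/* One round against a shared cache for the constructed victim address;
 * any miss means a victim line displaced one of ours, so the guess was right. */
int demo_round(bool load_executed)
{
    static cache_t cache;                        /* zero-initialised: all ways empty */
    return prime_probe(&cache, 0x7ffe00001040ULL, load_executed);
}

int main(void)
{
    uint64_t victim = 0x7ffe00001040ULL;         /* constructed victim address */
    printf("victim: set %u, tag %#llx, eviction set ok: %d\n", set_index(victim),
           (unsigned long long)tag_of(victim), eviction_set_aliases(victim));
    printf("wrong PAC guess -> probe misses %d\n", demo_round(false));
    printf("right PAC guess -> probe misses %d\n", demo_round(true));
    return 0;
}
```

With LRU replacement a single victim load displaces exactly one attacker line, which is why the probe walks the eviction set in reverse: probing in fill order would make each miss evict the next line to be probed and turn one eviction into eight. On real hardware the "miss" is a load that takes hundreds of cycles instead of a handful, and the attacker must repeat the round to separate that signal from noise.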