Attackers exploit the timing difference between a cache hit and a cache miss in a cache side-channel attack.
For example, an attacking software process that is legitimately accessing its own memory space can determine which cache lines have been accessed by a victim process.
Because all caches today use a fixed,
static mapping from memory addresses to cache lines,
the attacker can then infer the memory addresses used by the victim, and from these addresses,
the attacker can infer the value of secret encryption key bits used by the victim process.