Upcoming Intel, AMD and Arm CPUs at risk of new side-channel attack, researchers say

emorphy

Why it matters: A side-channel attack called SLAM could exploit vulnerabilities in Intel, Arm and AMD chips that are under development, researchers have found. So far, the chip makers say their systems have enough protection against SLAM, but this is the first transient execution attack targeting future CPUs and it is unclear how well the companies' security will hold up.

Researchers from the Vrije Universiteit Amsterdam have discovered a new side-channel attack called SLAM that can be used to leak information from kernel memory, including the root password, opening up a new set of Spectre attacks not only against some current CPUs but also against those in development from Intel, Arm and AMD. The researchers said SLAM, the first transient execution attack targeting future CPUs, has proven adept at evading security features the chip makers are incorporating into their newest products, such as Intel's Linear Address Masking (LAM) and AMD's Upper Address Ignore (UAI).

The idea behind LAM, as well as AMD's similar UAI, is to allow software to efficiently make use of the untranslated bits of 64-bit linear addresses for metadata, VUSec researchers wrote in a white paper. The assumption is that with LAM or UAI enabled, more efficient security measures, such as memory safety, can be implemented, and ultimately production systems' security will be improved.

What SLAM does is take advantage of the new paging levels in these CPUs, paging being the mechanism that maps linear addresses onto the system's physical memory. Tom's Hardware notes that the attack exploits the very address-masking feature these CPUs introduce, which is how SLAM, short for "Spectre based on LAM", got its acronym.

According to VUSec, the following CPUs are affected:

  • Future Intel CPUs supporting LAM (both 4- and 5-level paging)
  • Future AMD CPUs supporting UAI and 5-level paging
  • Future Arm CPUs supporting TBI and 5-level paging

These CPUs lack strong canonicality checks in the new paging levels, and the attack can hence bypass CPU-level security, Tom's Hardware said.
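As an added illustration (not from the article or from VUSec's paper) of the canonicality check the story refers to: a small C model of the classic x86-64 rule beside a LAM-style check that ignores the metadata bits first. It assumes a simplified reading of Intel's public LAM48/LAM57 description (bit 63 must match bit 47 or bit 56, the bits in between are ignored); it is not the processor's actual microcode logic.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Linear-address bits translated by 4-level and 5-level paging. */
#define VA_BITS_4LEVEL 48
#define VA_BITS_5LEVEL 57

/* Copy bit (bits-1) into every higher bit of va. */
static uint64_t sign_extend(uint64_t va, unsigned bits) {
    uint64_t low = (1ULL << bits) - 1;          /* bits [bits-1:0] */
    uint64_t top = (va >> (bits - 1)) & 1;      /* the "sign" bit */
    return top ? (va | ~low) : (va & low);
}

/* Classic rule: every bit above the translated range must equal the
   top translated bit, otherwise the access faults. This is what makes
   most 64-bit values unusable as pointers. */
bool is_canonical(uint64_t va, unsigned va_bits) {
    return sign_extend(va, va_bits) == va;
}

/* Simplified LAM model (assumption): only bit 63 is compared with the
   top translated bit; bits in between are metadata and are ignored.
   Returns false where the classic rule would have faulted anyway. */
bool lam_translate(uint64_t va, unsigned va_bits, uint64_t *effective) {
    unsigned top = va_bits - 1;                 /* 47 for LAM48, 56 for LAM57 */
    if (((va >> 63) & 1) != ((va >> top) & 1))
        return false;                           /* still non-canonical */
    *effective = sign_extend(va, va_bits);      /* metadata bits dropped */
    return true;
}

int main(void) {
    /* Constructed pointer with junk in bits 62:48 (user space). */
    uint64_t tagged = 0x1234000000001000ULL, eff = 0;
    printf("classic 48-bit check: %s\n",
           is_canonical(tagged, VA_BITS_4LEVEL) ? "ok" : "fault");
    if (lam_translate(tagged, VA_BITS_4LEVEL, &eff))
        printf("LAM48 accepts it as 0x%016llx\n", (unsigned long long)eff);
    /* Same idea for a constructed kernel-half pointer under LAM57. */
    uint64_t ktagged = 0xc1ff800000001000ULL;
    if (lam_translate(ktagged, VA_BITS_5LEVEL, &eff))
        printf("LAM57 accepts it as 0x%016llx\n", (unsigned long long)eff);
    return 0;
}
```

The point for defenders is the widening: every pointer that the classic check would have rejected but the masked check accepts is extra address space a speculative gadget can dereference without faulting.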

Arm has published an advisory on SLAM noting that while "these techniques will typically increase the number of exploitable gadgets, Arm systems already mitigate against Spectre v2 and Spectre-BHB. Hence no action is required in response to the described attack." AMD has also pointed to existing Spectre v2 mitigations to address the SLAM exploit, and Intel plans to provide software guidance before it releases processors that support LAM.


 
Somehow, I feel all this "security/vulnerability" news is like trying to rush people to upgrade to new hardware. The reality is that you cannot find a flawless chip. It is not a matter of whether there is any vulnerability, but rather when they get discovered.
 
"Chip makers believe that their current systems are adept enough to protect users"

Seems I've heard this claim more than a few times in the past, yet ......
 
In the white paper they talk about showing the exploit on an unreleased CPU that's virtualized in an Ubuntu environment and not the actual CPU. Additionally, the white paper also mentions how difficult it is to get any useful data from this "exploit". All of this is after gaining access to the computer; it's not an exploit the average user has to worry about, since they likely don't encrypt their entire drive and won't likely have any information worth the time and effort to attempt to steal anyway.
 