December 9, 2023 at 07:12AM
Researchers from Vrije Universiteit Amsterdam disclosed a new side-channel attack called SLAM, exploiting a feature in Intel, AMD, and Arm CPUs. The exploit, an end-to-end Spectre-based attack, allows leakage of sensitive data from kernel memory. Intel, AMD, and Arm are working on mitigations, while existing and future CPUs are affected. The attack targets future CPUs and increases the Spectre attack surface.
Researchers from the Vrije Universiteit Amsterdam have discovered a new side-channel attack called SLAM. The attack can potentially leak sensitive information from the kernel memory of current and upcoming CPUs from Intel, AMD, and Arm.
The attack exploits a new feature called Linear Address Masking (LAM) in Intel CPUs and its analogous counterparts in AMD (Upper Address Ignore, or UAI) and Arm (Top Byte Ignore, or TBI) CPUs. The feature has been found to degrade security and increase the Spectre attack surface, resulting in a transient execution attack that can extract sensitive data via a cache covert channel.
The impact of the SLAM attack extends to existing AMD CPUs vulnerable to CVE-2020-12965, as well as future CPUs supporting LAM (both 4- and 5-level paging) from Intel, future CPUs supporting UAI and 5-level paging from AMD, and future CPUs supporting TBI and 5-level paging from Arm.
Furthermore, while AMD and Arm have pointed to existing mitigations to address the SLAM exploit, Intel intends to provide software guidance for future processors supporting LAM. In the meantime, Linux maintainers have developed patches to disable LAM by default.
In addition, VUSec researchers have presented a software-only approach called Quarantine, designed to mitigate transient execution attacks and achieve physical domain isolation by partitioning the last-level cache (LLC) among different security domains.
Overall, the SLAM attack highlights the potential vulnerabilities in current and future CPUs from major manufacturers and necessitates proactive measures to address these security risks.