Researchers from the Netherlands-based Vrije Universiteit Amsterdam (VUSEC) recently published their findings over a new attack that could potentially affect Intel, AMD, and ARM chips altogether. The vulnerability is known as the Spectre based on Linear Address Masking, or SLAM for short.
The Dutch-based body describes SLAM as the first transient execution attack that is designed to target future CPUs, and has been proven to be capable of avoiding even the most current and advanced security features that Intel, AMD, and ARM have seemingly equipped their respective components with. For example, the list includes the blue team’s Linear Address Masking (LAM), and red team’s Upper Address Ignore (UAI).
“SLAM is the first transient execution attack targeting future CPUs. Multiple chip vendors are working on linear address masking features in their upcoming CPUs (e.g., Intel’s Linear Address Masking or LAM and AMD’s Upper Address Ignore or UAI). Although these are (future) hardware features aimed at improving security, SLAM shows that, by loosening canonicality checks, they also enable the exploitation of unmasked Spectre gadgets. More generally, SLAM shows that microarchitectural security crucially depends on strong canonicality checks. Therefore, even existing CPUs with weak canonicality checks may be affected.”
As to which CPUs are affected, VUSEC’s simple lists fingers the following:
- Existing AMD CPUs vulnerable to CVE-2020-12965;
- Future Intel CPUs supporting LAM (both 4- and 5-level paging);
- Future AMD CPUs supporting UAI and 5-level paging;
- Future Arm CPUs supporting TBI and 5-level paging.
Despite the threat of a SLAM attack, all the chipmakers have reportedly expressed confidence in their respective technologies to mitigate said exploit. ARM itself published an advisory, noting that “while these techniques will typically increase the number of exploitable gadgets, Arm systems already mitigate against Spectre v2 and Spectre-BHB. Hence no action is required in response to the described attack.”
(Source: VUSEC, ARM, Techspot)
Follow us on Instagram, Facebook, Twitter or Telegram for more updates and breaking news.