Academic researchers at VU Amsterdam have uncovered a novel threat to modern CPUs, one that presents a potential challenge to future products from industry giants Intel, AMD, and Arm. The newly identified attack, named SLAM (Spectre based on Linear Address Masking), exploits upcoming hardware-based security features that are designed to strengthen security checks but that paradoxically open new avenues for Spectre attacks.
The SLAM Attack Explained
SLAM specifically targets security features such as Intel's Linear Address Masking (LAM), AMD's Upper Address Ignore (UAI), and Arm's Top Byte Ignore (TBI). These features, meant to bolster security, inadvertently extend the attack surface for Spectre. Spectre, a well-known transient execution CPU vulnerability, has the potential to expose sensitive information, including encryption keys and passwords, through side-channel attacks.
Scope of Impact
SLAM is reported to affect some current AMD processors and poses a risk to future Intel, AMD, and Arm CPUs set to support LAM, UAI, and TBI. To illustrate their findings, researchers developed a Spectre exploit targeting LAM on upcoming Intel processors, focusing on the Spectre BHI attack variant.
Demonstrated Exploits
The researchers demonstrated the exploit by targeting Spectre BHI, a more recent variant that bypasses certain hardware mitigations introduced in response to the original Spectre. Their end-to-end exploit leverages vulnerabilities in the Linux kernel, leaking the root password hash from kernel memory within minutes.
Industry Response
Upon discovering SLAM, the researchers promptly informed Intel, AMD, and Arm. Intel, a sponsor of the research, plans to provide software guidance ahead of the release of CPUs supporting LAM. Linux developers have already issued patches that disable the feature by default until Intel's guidance is available. Arm published a security advisory assuring customers that existing mitigations for Spectre v2 and Spectre BHI should thwart potential exploitation.
While Intel commits to addressing the issue with software guidance, AMD asserts that existing Spectre v2 mitigations are effective against SLAM. Arm, too, believes that current mitigations for Spectre v2 and BHI should suffice.
A technical paper detailing the SLAM attack, along with code and a video demonstrating the exploit, has been made public. This transparency is crucial in fostering collaborative efforts to develop effective countermeasures and heighten industry awareness.
Conclusion
The emergence of SLAM underscores the ongoing challenges in securing modern CPUs against sophisticated attacks. As researchers and industry players collaborate to address this vulnerability, the proactive disclosure of information and the commitment to providing timely solutions will be key in mitigating the potential risks posed by SLAM and similar threats in the future.