ClickCease SLAM Attack: New Vulnerability Targets Intel, AMD, Arm CPUs

Content Table

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

SLAM Attack: New Vulnerability Targets Intel, AMD, Arm CPUs

Rohan Timalsina

December 26, 2023 - TuxCare expert team

In a groundbreaking revelation, researchers from Vrije Universiteit Amsterdam have uncovered a formidable side-channel attack known as SLAM, posing a serious threat to the security of current and future CPUs manufactured by tech giants Intel, AMD, and Arm. This sophisticated exploit capitalizes on a feature unique to Intel CPUs called Linear Address Masking (LAM), akin to AMD’s Upper Address Ignore (UAI) and Arm’s Top Byte Ignore (TBI).

 

Understanding SLAM

 

SLAM, which stands for Spectre-based Linear Address Masking, exploits a vulnerability in unmasked gadgets, allowing a userland process to clandestinely leak arbitrary ASCII kernel data. Unlike conventional attacks, SLAM takes advantage of seemingly secure features, such as LAM, which paradoxically weakens security, providing an open door for malicious actors.

 

The Irony of Security Features

 

LAM, UAI, and TBI were introduced by Intel, AMD, and Arm, respectively, as security features to enhance the protection of sensitive kernel data. However, the study by Vrije Universiteit Amsterdam reveals a surprising twist—the very features designed to fortify security instead contribute to its degradation. The researchers found that SLAM dramatically expands the Spectre attack surface, making CPUs susceptible to a transient execution attack.

A transient execution attack operates by exploiting microarchitectural side effects of transient instructions. This allows a malicious adversary to access information that would normally be restricted by architectural access control mechanisms. In simple terms, SLAM takes advantage of speculative execution, extracting sensitive data through a cache covert channel.

The implications of SLAM are far-reaching, as demonstrated by the researchers who showcased its ability to potentially leak the root password hash from kernel memory within a matter of minutes. This highlights the urgency for comprehensive security measures and patches to mitigate the risks associated with this novel side-channel attack.

 

Conclusion

 

The SLAM attack introduces a new level of sophistication to the realm of side-channel exploits, leveraging seemingly secure features to compromise the integrity of CPU security. As technology evolves, so do the threats, necessitating constant vigilance and proactive measures to safeguard sensitive information from the clutches of stealthy attacks like SLAM. Stay informed, stay secure.

 

The sources for this article include a story from TheHackerNews.

Summary
SLAM Attack: New Vulnerability Targets Intel, AMD, Arm CPUs
Article Name
SLAM Attack: New Vulnerability Targets Intel, AMD, Arm CPUs
Description
Learn about SLAM Attack, a new Spectre-based vulnerability affecting Intel, AMD, and Arm CPUs. Stay informed to protect your systems.
Author
Publisher Name
TuxCare
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Become a TuxCare Guest Writer

Get started

Mail

Join

4,500

Linux & Open Source
Professionals!

Subscribe to
our newsletter