SLAM Attack: New Vulnerability Targets Intel, AMD, Arm CPUs
In a groundbreaking revelation, researchers from Vrije Universiteit Amsterdam have uncovered a formidable side-channel attack known as SLAM, posing a serious threat to the security of current and future CPUs manufactured by tech giants Intel, AMD, and Arm. This sophisticated exploit capitalizes on an Intel CPU feature called Linear Address Masking (LAM), which is akin to AMD’s Upper Address Ignore (UAI) and Arm’s Top Byte Ignore (TBI).
SLAM, which stands for Spectre-based Linear Address Masking, exploits a vulnerability in unmasked gadgets, allowing a userland process to clandestinely leak arbitrary ASCII kernel data. Unlike conventional attacks, SLAM takes advantage of seemingly secure features, such as LAM, which paradoxically weaken security, providing an open door for malicious actors.
The Irony of Security Features
LAM, UAI, and TBI were introduced by Intel, AMD, and Arm, respectively, as security features to enhance the protection of sensitive kernel data. However, the study by Vrije Universiteit Amsterdam reveals a surprising twist—the very features designed to fortify security instead contribute to its degradation. The researchers found that SLAM dramatically expands the Spectre attack surface, making CPUs susceptible to a transient execution attack.
A transient execution attack operates by exploiting microarchitectural side effects of transient instructions. This allows a malicious adversary to access information that would normally be restricted by architectural access control mechanisms. In simple terms, SLAM takes advantage of speculative execution, extracting sensitive data through a cache covert channel.
The implications of SLAM are far-reaching, as demonstrated by the researchers who showcased its ability to potentially leak the root password hash from kernel memory within a matter of minutes. This highlights the urgency for comprehensive security measures and patches to mitigate the risks associated with this novel side-channel attack.
The SLAM attack introduces a new level of sophistication to the realm of side-channel exploits, leveraging seemingly secure features to compromise the integrity of CPU security. As technology evolves, so do the threats, necessitating constant vigilance and proactive measures to safeguard sensitive information from the clutches of stealthy attacks like SLAM. Stay informed, stay secure.
The sources for this article include a story from TheHackerNews.