- Researchers have found a new type of side-channel attack, named SLAM, that can circumvent the security features of the latest CPUs.
- The attack leverages a memory feature of CPUs that allows storing untranslated data bits in the kernel metadata to extract encryption keys and root passwords.
Current and upcoming CPUs from Intel, Arm, and AMD with Linear Address Masking (LAM), Top Byte Ignore (TBI), and Upper Access Ignore (UAI) security features have been found vulnerable to a new kind of side-channel attack called Spectre based on a Linear Masking (SLAM). The attack, based on Spectre BHI attacks, can circumvent hardware protections and expose kernel-memory password hashes.
SLAM is a type of attack based on transient execution that leverages memory features that allow the software to use untranslated data bits in 64-bit linear addresses to store kernel metadata. Malicious actors can manipulate instructions in software code to trigger execution in a way that reveals sensitive data, including information from various programs and even the operating system.
The threat has been attributed to poor canonicality checks in chip designs. While LAM, UAI, and TBI help manage and…
?xml>
