Researchers have devised a new attack strategy that threatens the security of future CPUs. Dubbed SLAM, the attack targets upcoming CPUs from Intel, ARM, and AMD, exploiting their newly launched features to access sensitive information.
SLAM Attack Risks Data Leak In Future CPUs
Researchers from the Systems and Network Security Group (VUSec Group) at Vrije Universiteit Amsterdam have identified a new exploit impacting the upcoming processors.
The researchers call the new side-channel attack “Spectre based on Linear Address Masking” (SLAM). It exploits the new security features in Intel (Linear Address Masking, LAM), AMD (Upper Address Ignore, UAI), and ARM (Top Byte Ignore, TBI) chips. (The vendors have simply named the same feature differently for their respective CPUs, so the SLAM attack targets all of these processors in a similar way.)
Specifically, the SLAM attack is a transient execution technique that exploits the new memory improvement features to leak sensitive information, such as password hashes. According to the researchers, SLAM exploits a “previously unexplored class of Spectre disclosure gadgets” that involve pointer chasing. Unlike the standard (masked) gadgets, these unmasked gadgets are common code patterns across different software, and they are present even in the Linux kernel, which doesn’t include masked gadgets.
This means that SLAM, unlike other side-channel attacks, puts a wider range of systems at risk, including Linux. In their study, the researchers emulated the Intel LAM feature on Ubuntu to demonstrate how the SLAM attack exploits the unmasked gadgets to leak arbitrary ASCII kernel data from a userland process.
The following video demonstrates the SLAM attack on Ubuntu, leaking password hashes.
Attack Duly Reported To The Respective Vendors
With the SLAM attack, the researchers highlighted how the upcoming linear address masking feature may allow exploitation of unmasked gadgets despite otherwise improving security.
Following this discovery, the researchers reported the vulnerability to Intel, AMD, and ARM, prompting Intel and ARM to release guidelines for the future processors. Linux developers also released patches to disable LAM until further guidelines arrive. AMD, however, didn’t release any guidelines, pointing to the existing Spectre v2 mitigations as its strategy to address SLAM.
The researchers have shared the details of the SLAM attack in a research paper accepted for IEEE S&P’24, and have shared the other relevant data on GitHub.