Shulou(Shulou.com)12/24 Report--

CTOnews.com, December 9, the VUSec research team from the Free University of Amsterdam recently discovered a new side channel attack called SLAM (Spectre over LAM).

The team said that this attack could affect existing processors of Intel, AMD and Arm, and that subsequent products could not be effectively repaired in the short term.

This timing attack mainly uses the hardware function of processor security to obtain the hash value of administrator password from kernel storage.

Source PixabayCTOnews.com Note: three chip manufacturers implement hardware functions in different ways and use different terms. Intel calls it a linear address mask (LAM), AMD calls it high address omission (UAI), and Arm calls it high byte omission (TBI).

The main functions of LAM, UAI, and TBI are to accelerate the physical memory security and RAM management of CPU.

SLAM uses the above functions to store untranslated bits in 64-bit linear addresses in kernel metadata. During the attack, a new temporary execution procedure is created that examines a series of unshielded instructions in the program code, called "gadgets".

Attackers need to use the target system code that communicates with these devices, and then apply a series of algorithms to extract sensitive information from kernel memory, such as administrator passwords and other encryption keys.

The researchers successfully executed the SLAM attack on the system of Intel Core i9-13900K processor and AMD Ryzen 72700X processor.

VUSec researchers claim that most current and future processors from these three global manufacturers are vulnerable to SLAM attacks:

Confirm existing AMD processors with CVE-2020-12965 vulnerability

Future support for LAM Intel Sierra Forest, Grand Ridge, Arrow Lake and Lunar Lake processors

Future AMD processors that support UAI and level 5 memory paging

Future Arm processors with TBI support and level 5 memory paging.

There are currently no valid patches for this vulnerability, and major Linux distributions can avoid risk by disabling LAM.

Arm does not see the need for further action against SLAM.

AMD claims that its previous mitigation measures for Spectre V2 vulnerabilities can also prevent SLAM attacks. Intel recommends that customers deploy this feature using Linear address Space sharing (LASS) extensions to prevent such kernel access.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.