A new side-channel attack called SLAM that could be exploited to leak sensitive information from kernel memory on current and upcoming CPUs from Intel, AMD, and Arm. The attack is an end-to-end exploit for Spectre based on a new feature in Intel CPUs called Linear Address Masking (LAM) as well as its analogous counterparts from AMD (called Upper Address Ignore or UAI) and Arm (called Top Byte Ignore or TBI). "SLAM exploits unmasked gadgets to let a userland process leak arbitrary ASCII kernel data," VUSec researchers said, adding it could be leveraged to leak the root password hash within minutes from kernel memory. The first page lists these processors as affected: - Existing AMD CPUs vulnerable to CVE-2020-12965; - Future Intel CPUs supporting LAM (both 4- and 5-level paging); - Future AMD CPUs supporting UAI and 5-level paging; - Future Arm CPUs supporting TBI and 5-level paging. as it takes advantage of CPU features which allow masking off some bits of pointer addresses to store additional data in, such as Intel’s Linear Address Masking (LAM), AMD’s Upper Address Ignore (UAI), or ARM's Top-byte Ignore (TBI). Refer: https://www.openwall.com/lists/oss-security/2023/12/05/3
More Details: ------------- Arm systems already mitigate against Spectre v2 and BHB, and it is considered the software's responsibility to protect itself against Spectre v1," Arm said in an advisory. "The described techniques only increase the attack surface of existing vulnerabilities such as Spectre v2 or BHB by augmenting the number of exploitable gadgets." AMD has pointed to current Spectre v2 mitigations to address the SLAM exploit. Intel, on the other hand, intends to provide software guidance prior to the future release of Intel processors that support LAM. Linux maintainers have developed patches to disable LAM by default.