New SLAM Attack Threatens the Security of Future CPUs
Researchers have identified a new exploit, called “Spectre based on Linear Address Masking” (SLAM), that impacts upcoming processors. This side-channel attack exploits the new security features in Intel (Linear Address Masking, LAM), AMD (Upper Address Ignore, UAI), and ARM (Top Byte Ignore, TBI) chips. Specifically, SLAM is a transient execution technique that exploits these new memory improvement features to leak sensitive data such as password hashes.
According to the researchers who discovered this bug, SLAM exploits a “previously unexplored class of Spectre disclosure gadgets” that involve pointer chasing. Unlike the standard (masked) gadgets, the unmasked gadgets are common code patterns across different software and are even present in the Linux kernel, which doesn’t include masked gadgets. Compared with other side-channel attacks, SLAM threatens a wider range of systems, including Linux. In their study, the researchers emulated the Intel LAM feature on Ubuntu to demonstrate how the SLAM attack exploits the unmasked gadgets to leak arbitrary ASCII kernel data from a userland process.
Check out the article linked below for more information on how this attack works and an awesome video showing the SLAM attack leaking password hashes on Ubuntu!