Fresh SLAM Attack Extracts Sensitive Data from AMD CPUs and Upcoming Intel Processors

Academic researchers have unveiled a novel side-channel attack named SLAM, designed to exploit hardware enhancements meant to bolster security in forthcoming CPUs from major manufacturers like Intel, AMD, and Arm.
The attack aims to retrieve the root password hash from the kernel memory through a transient execution technique.
SLAM takes advantage of a memory feature allowing software to utilize untranslated address bits in 64-bit linear addresses for metadata storage.
Diverse CPU vendors implement this feature differently, with Intel calling it Linear Address Masking, AMD labeling it Upper Address Ignore, and Arm referring to it as Top Byte Ignore.
The SLAM attack, an abbreviation for Spectre based on LAM, was identified by researchers at Vrije Universiteit Amsterdam's Systems and Network Security Group.
They demonstrated the attack's viability by emulating the upcoming LAM feature from Intel on a previous-generation Ubuntu system.
According to VUSec, SLAM primarily affects future chips meeting specific criteria due to a lack of robust canonicality checks in their designs.
Despite advanced hardware features like LAM, UAI, and TBI improving memory security, they introduce exploitable micro-architectural race conditions.
The attack hinges on a new transient execution technique focusing on exploiting a previously unexplored class of Spectre disclosure gadgets, particularly those involving pointer chasing.
Gadgets are manipulable instructions in software code that, when exploited, trigger speculative execution, revealing sensitive information.
To demonstrate the attack, researchers developed a scanner identifying hundreds of exploitable gadgets on the Linux kernel.
While executing the attack, an attacker must run code on the target system that interacts with unmasked gadgets, measuring side effects with sophisticated algorithms to extract sensitive information like passwords or encryption keys from the kernel memory.
The SLAM attack impacts various processors, including existing vulnerable AMD CPUs, future Intel CPUs supporting LAM, future AMD CPUs supporting UAI and 5-level paging, and future Arm CPUs supporting TBI and 5-level paging.
In response to SLAM, Arm asserted its systems already mitigate against Spectre v2 and Spectre-BHB, with no further action planned.
AMD referenced existing Spectre v2 mitigations, while Intel announced plans for software guidance and the deployment of security extensions before releasing future processors supporting LAM. Meanwhile, Linux engineers have devised patches to disable LAM until further guidance becomes available.


This Cyber News was published on www.cysecurity.news. Publication date: Fri, 08 Dec 2023 18:28:05 +0000


Cyber News related to Fresh SLAM Attack Extracts Sensitive Data from AMD CPUs and Upcoming Intel Processors

Fresh SLAM Attack Extracts Sensitive Data from AMD CPUs and Upcoming Intel Processors - Academic researchers have unveiled a novel side-channel attack named SLAM, designed to exploit hardware enhancements meant to bolster security in forthcoming CPUs from major manufacturers like Intel, AMD, and Arm. The attack aims to retrieve the root ...
10 months ago Cysecurity.news
New SLAM attack steals sensitive data from AMD, future Intel CPUs - Academic researchers developed a new side-channel attack called SLAM that exploits hardware features designed to improve security in upcoming CPUs from Intel, AMD, and Arm to obtain the root password hash from the kernel memory. SLAM is a transient ...
11 months ago Bleepingcomputer.com
SLAM Attack: New Vulnerability Targets Intel, AMD, Arm CPUs - In a groundbreaking revelation, researchers from Vrije Universiteit Amsterdam have uncovered a formidable side-channel attack known as SLAM, posing a serious threat to the security of current and future CPUs manufactured by tech giants Intel, AMD, ...
10 months ago Securityboulevard.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
1 month ago Aws.amazon.com
Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day - Today is Microsoft's December 2023 Patch Tuesday, which includes security updates for a total of 34 flaws and one previously disclosed, unpatched vulnerability in AMD CPUs. While eight remote code execution bugs were fixed, Microsoft only rated three ...
10 months ago Bleepingcomputer.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
6 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
6 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
6 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
6 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
6 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
6 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
6 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
6 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
6 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
6 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
6 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
6 months ago Cybersecurity-insiders.com
Intel knew AVX chips were insecure and did nothing - Intel has been sued by a handful of PC buyers who claim the x86 goliath failed to act when informed five years ago about faulty chip instructions that allowed the recent Downfall vulnerability, and during that period sold billions of insecure chips. ...
11 months ago Theregister.com
Intel out-of-band patch addresses privilege escalation flaw The Register - Intel on Tuesday issued an out-of-band security update to address a privilege escalation vulnerability in recent server and personal computer chips. The flaw, designated INTEL-SA-00950 and given a CVSS 3.0 score of 8.8 out of 10, affects Intel ...
11 months ago Theregister.com
Chipmaker Patch Tuesday: Intel, AMD Address New Microarchitectural Vulnerabilities - Chipmakers Intel and AMD have published 10 new security advisories this Patch Tuesday to inform customers about vulnerabilities impacting their products. Intel published eight new advisories, including two that describe high-severity vulnerabilities. ...
7 months ago Securityweek.com
Latest Intel CPUs impacted by new Indirector side-channel attack - Modern Intel processors, including chips from the Raptor Lake and the Alder Lake generations are susceptible to a new type of a high-precision Branch Target Injection attack dubbed 'Indirector,' which could be used to steal sensitive information from ...
4 months ago Bleepingcomputer.com
Latest Intel CPUs impacted by new Indirector side-channel attack - Modern Intel processors, including chips from the Raptor Lake and the Alder Lake generations are susceptible to a new type of a high-precision Branch Target Injection attack dubbed 'Indirector,' which could be used to steal sensitive information from ...
4 months ago Bleepingcomputer.com
Microsoft publishes new Registry security mitigation for Intel processors - About six years ago, vulnerabilities were discovered that affected most Intel and AMD processors. The vulnerabilities, Spectre and Meltdown, can be exploited to read sensitive data from attacked computer systems. ADVERTISEMENT. Intel released an ...
6 months ago Ghacks.net
CVE-2022-37327 - Improper input validation in BIOS firmware for Intel(R) NUC, Intel(R) NUC Performance Kit, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, Intel(R) NUC 11 Compute Element, Intel(R) NUC ...
1 year ago
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
11 months ago Esecurityplanet.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)