Arm CPUs impacted by rare side-channel attack
Chipmaker Arm has issued guidance to software developers this week detailing mitigations against a new vulnerability discovered in its Armv8-A (Cortex-A) CPU architecture.
Codenamed SLS (standing for Straight-Line Speculation), this bug is a classic side-channel speculative execution attack.
Speculative execution refers to the concept of CPUs processing data in advance for speed and performance reasons and then discarding the computational branches they don’t need. Side-channel attacks in speculative execution allow malicious threat actors to leak (steal) these temporary computations and see what the CPU might be working on.
The Spectre and Meltdown bugs were the first speculative execution side-channel attacks that were ever disclosed, when they become public, in early January 2018.
SLS, another form of the Spectre bug
In a document [PDF] published on Monday, Arm says SLS is another form of the original Spectre vulnerability. While the original Spectre bug impacted CPUs from all major chipmakers, SLS impacts Arm Armv-A processors only.
On impacted processors, Arm says that while computing operations in advance part of the speculative execution process, when there’s a change in the Arm CPU’s instruction control flow, the CPU reacts by executing instructions found linearly in its memory, past the change in the control flow — an unwanted scenario.
However, while the SLS bug’s description looks pretty bad, Arm says that at present, the security risk from an SLS attack is actually low.
“This would be difficult to exploit in practice, and a practical exploit has yet to be demonstrated,” the chipmaker wrote in an SLS FAQ page. However, Arm says that the possibility of a successful practical attack “cannot be dismissed.”
Arm has supplied patches to various FOSS projects
In the meantime, the company has been working since last year to fix this issue. Is engineers have contributed patches to various software projects and operating systems, including FreeBSD, OpenBSD, Trusted Firmware-A, and OP-TEE. These patches should block exploit attempts at the firmware/OS level.
However, Arm has done more. The company has also contributed patches to GCC and LLVM, two of today’s most popular code compilers. The patches are meant to prevent developers from compiling code that may be vulnerable to this attack and limit its spread in real-world code.
Unlike Spectre and Meltdown, Arm says these patches aren’t likely to cause any unwanted performance impact.
Arm said the SLS vulnerability was discovered by security researchers participating in Google SafeSide, a project exploring side-channel attacks caused by hardware-related factors.
SLS is also known as CVE-2020-13844 identifier, a code used for tracking security bugs.