2 min Security

SLAM-attack steals data from AMD and Intel CPUs

SLAM-attack steals data from AMD and Intel CPUs

The Spectre LAM (SLAM) technique makes future processors from Intel, AMD and Arm susceptible to attacks.

This was discovered by researchers at VU University Amsterdam. According to the researchers, the SLAM hacking technology, which builds on the well-known Spectre attack technique, enables a short-lived attack on the kernel memory of future Intel, AMD and Arm processors. At issue here are precisely security features designed to make these processors more secure.

SLAM technology uses these features to take advantage of a memory feature that allows software to use untranslated “address bits” in 64-bit linear addresses to store metadata.

Chip manufacturers also call this technology Linear Address Masking (Intel), Upper Address Ignore (AMD) and Top Byte Ignore (Arm), abbreviated LAM, UAI and TBI.

Purpose of SLAM attack

The goal of the SLAM attack technique, according to VU researchers, is to obtain the root password hash from kernel memory. Using special advanced algorithms, they can steal sensitive information from this (Linux) kernel memory, such as passwords or encryption keys.

The researchers found that the SLAM technique is especially sensitive to future processor designs. They cite the reason that these processor designs lack strong “canonicality” checks.

Barely intervening manufacturers

The aforementioned processor manufacturers have since responded to the VU researchers’ findings. Arm states that its systems provide protection against Spectre V2 and Spectre-BHB. It does not intend to take further action against SLAM.

AMD also points to its current Spectre V2 solutions and makes no recommendations or updates to curb the danger of SLAM.

Intel has announced that it will release security updates for future processors that support LAM, such as by assigning the Linear Address Space Separation security extension for LAM processors.

Also read: CVSS 4.0 vulnerability scoring system incorporates OT, ICS and IoT