
New SLAM attack steals sensitive data from AMD, future Intel CPUs
2023-12-07 00:52

Academic researchers developed a new side-channel attack called SLAM that exploits hardware features designed to improve security in upcoming CPUs from Intel, AMD, and Arm to obtain the root password hash from the kernel memory.

Short for "Spectre based on LAM", the SLAM attack was discovered by researchers at the Systems and Network Security Group at Vrije Universiteit Amsterdam, who demonstrated its validity by emulating the upcoming LAM feature from Intel on a last-generation Ubuntu system.

The SLAM attack targets "unmasked" gadgets that use secret data as a pointer, which the researchers report are common in software and can be exploited to leak arbitrary ASCII kernel data.

The code and data for reproducing the SLAM attack are available on VUSec's GitHub repository.

Vendor response to SLAM

Responding to the researchers' disclosure, Arm published an advisory explaining that its systems already mitigate against Spectre v2 and Spectre-BHB and that it plans no further action in response to SLAM. AMD also pointed to current Spectre v2 mitigations to address the SLAM attack described by the VUSec research group and did not provide any guidance or updates that would lower the risk.



News URL

https://www.bleepingcomputer.com/news/security/new-slam-attack-steals-sensitive-data-from-amd-future-intel-cpus/

Related vendor

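| Vendor | Products | Low | Medium | High | Critical | Total vulns |
|--------|----------|-----|--------|------|----------|-------------|
| Intel  | 6314     | 31  | 755    | 708  | 45       | 1539        |
| AMD    | 892      | 5   | 120    | 122  | 27       | 274         |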