Some researchers at the Vrije Universiteit Amsterdam just found a new security flaw that affects upcoming CPUs from Intel, AMD, and Arm. It’s another Spectre-style attack, which is why they’re calling it SLAM – short for “Spectre based on LAM.”
The attack takes advantage of a hardware feature in the new chips that lets software use part of a memory address for storing extra data. Intel calls it Linear Address Masking, AMD calls it Upper Address Ignore, and Arm calls it Top Byte Ignore. But it’s the same basic thing.
By carefully crafting code, the researchers found ways to trick the CPU into speculatively executing instructions that leak sensitive kernel memory in a way they can observe through side channels. They built a scanner and found hundreds of ways to pull off the attack in the Linux kernel.
But the chipmakers don’t seem too worried. ARM says their existing Spectre mitigations are enough to stop SLAM. AMD said basically the same thing and didn’t bother putting out any new updates.
Intel was a little more proactive – they said they’ll give software developers guidance before launching the new LAM chips. But they didn’t act like it was a huge emergency either.
So in summary – new Spectre attack, works on upcoming chips from all the major vendors, researchers found lots of ways to exploit it, but the vendors are kinda shrugging it off saying they’ve already fixed this class of attacks. We’ll see if that holds up or if more mitigations are needed when the chips launch.