Wednesday, June 10th 2020

Arm CPUs Impacted by Straight-Line Speculation (SLS) Vulnerability

When Spectre and Meltdown were discovered, the whole industry sat up and started to take CPU security more seriously. A plethora of attacks exploit the CPU feature called branch prediction, which predicts the path code execution will take so the CPU can prepare those instructions and execute them sooner. It is one of the microarchitectural techniques used to add performance to a CPU design. However, nothing comes without a cost. While it adds performance, branch prediction has taken a toll on the security of CPUs, making them vulnerable to side-channel attacks. Spectre and Meltdown were both discovered in 2018, and they impact millions of CPUs around the world.

Today, a new side-channel vulnerability was discovered, this time on Arm CPUs. Called Straight-Line Speculation (SLS), the speculation bug affects all Arm Armv-A based processors. A wide range of devices is powered by these CPUs, so Arm is taking action to prevent it. SLS works like this: whenever there is a change in instruction flow, the CPU just starts processing the instructions found linearly in memory, instead of following the change in flow. This behavior results in the new SLS vulnerability, tracked as CVE-2020-13844. The vulnerability was discovered by Google's SafeSide project last year and reported to Arm. In the meantime, Arm has been working on a fix and has already sent it upstream to important operating systems and firmware suppliers so the issue can be resolved. Arm says that the chances of this attack are low; however, they cannot be dismissed.
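The straight-line behavior described above can be audited for in compiled code. The following is an added example, not code from the article or from Arm: it scans an `objdump`-style AArch64 listing for `ret` and `br` instructions that are followed directly by more code rather than by a speculation barrier. It assumes the barrier is either `sb` or `dsb sy` followed by `isb`; the listing is constructed and the function names are hypothetical.

```python
import re

# Constructed objdump-style AArch64 listing (not from a real binary).
SAMPLE = """\
0000000000000000 <hardened>:
   0:  d65f03c0  ret
   4:  d5033f9f  dsb sy
   8:  d5033fdf  isb
000000000000000c <unhardened>:
   c:  aa0103e0  mov x0, x1
  10:  d65f03c0  ret
0000000000000014 <next_function>:
  14:  f9400000  ldr x0, [x0]
  18:  d61f0200  br x16
  1c:  d50330ff  sb
"""

INSN = re.compile(r"^\s*([0-9a-f]+):\s+[0-9a-f]{8}\s+(\S+)\s*(.*)$")
UNCONDITIONAL = {"ret", "br"}  # control-flow changes this check covers


def parse(listing):
    """Return [(address, mnemonic, operands)] in memory order.

    Symbol lines are skipped on purpose: straight-line execution does not
    stop at a function boundary, so neither does the scan.
    """
    insns = []
    for line in listing.splitlines():
        m = INSN.match(line)
        if m:
            insns.append((int(m.group(1), 16), m.group(2), m.group(3).strip()))
    return insns


def has_barrier(insns, i):
    """True if the code after index i is SB, or DSB SY followed by ISB."""
    nxt = [(mn, ops) for _, mn, ops in insns[i + 1:i + 3]]
    if nxt and nxt[0][0] == "sb":
        return True
    return len(nxt) == 2 and nxt[0] == ("dsb", "sy") and nxt[1][0] == "isb"


def unprotected_branches(listing):
    """List (address, mnemonic) for each ret/br with no barrier after it."""
    insns = parse(listing)
    return [(addr, mn) for i, (addr, mn, _) in enumerate(insns)
            if mn in UNCONDITIONAL and not has_barrier(insns, i)]


if __name__ == "__main__":
    for addr, mn in unprotected_branches(SAMPLE):
        print(f"{addr:#x}: {mn} is followed directly by more code")
```

In the sample, the `ret` at `0x10` is flagged because the instruction that sits linearly after it is the first load of the next function.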

12 Comments on Arm CPUs Impacted by Straight-Line Speculation (SLS) Vulnerability

#1
AsRock
TPU addict
Does this affect AMD's PSP?
#2
AleksandarK
AsRock
Does this affect AMD's PSP?
I don't know much about AMD's PSP. I don't see it being mentioned anywhere with this bug so I think it is safe. If I find anything I will report on it. :)
#3
Caring1
"new SLS vulnerability marked as CVE-2020"

I see that as Covid 2020
Even CPUs aren't immune.
#5
Vayra86
Caring1
"new SLS vulnerability marked as CVE-2020"

I see that as Covid 2020
Even CPUs aren't immune.
I suppose that's two weeks of no internet for it!
#6
R-T-B
AsRock
Does this affect AMD's PSP?
It's arm based but it's so locked down I don't know how you'd execute the exploit. It'd be hard as hell, but once someone figures it out: Yes, certainly. It fits the bill to be affected.
#7
silentbogo
R-T-B
It's arm based but it's so locked down I don't know how you'd execute the exploit. It'd be hard as hell, but once someone figures it out: Yes, certainly. It fits the bill to be affected.
If PSP is still just a straightforward Cortex-A5, then it's not affected (so far).
Though, there are still exploitable holes in PSP firmware (and many undiscovered, since it's closed-source and barely documented).
#8
R-T-B
silentbogo
If PSP is still just a straightforward Cortex-A5, then it's not affected (so far).
Thought it was an Armv7A. Might be wrong (probably am, actually).
silentbogo
and many undiscovered, since it's closed-source and barely documented
#ThanksQualcomm
#9
silentbogo
R-T-B
Thought it was an Armv7A.
Cortex-A5 is ARMv7-a. But that's for older CPUs/APUs. With Zen it's probably running on magic unicorns, cause once again - no one knows/secret/proprietary/undocumented.
#11
R-T-B
silentbogo
With Zen it's probably running on magic unicorns, cause once again - no one knows/secret/proprietary/undocumented.
It's based on a Qualcomm TrustZone solution from smartphoneland, which is designed to run on low-end reference Arm cores.

Honestly, I'd be shocked if it wasn't.
remixedcat
ARM based router SoCs anyone?
Inefficient for routing, but throw enough GHz at the problem and they work. I had a Marvell-based one that ran around 1 Gbps on my line no prob, albeit at 2 GHz core clock...