A dedicated attacker could access sensitive data from privileged memory, e.g. DRAM or CPU cache
Next up on the list of chip makers vulnerable to exotic side-channel attacks: Arm, which says its Cortex-A57, A72, A73 and A75 processors have a bug that would let a malicious actor “improperly gather small bits of sensitive data from privileged memory (DRAM or CPU cache).”
The issue has been allocated CVE-2020-13844.
Side-channel attacks involve exploiting the way CPUs process data before an explicit instruction (to boost speed) then discard the unneeded computations. A dedicated attacker can, in theory, glean a lot from accessing that offloaded data. Remote exploitation for this CVE has not been demonstrated; it would apparently need local user access, but does cast a fresh light on the ongoing challenge of baking effective security into CPU design.
As with the Spectre-style vulnerabilities, first exposed in early January 2018, Arm says that it deems the security risk to be low “as this would be difficult to exploit in practice, and a practical exploit has yet to be demonstrated. However, the possibility cannot be dismissed.”
It has issued patches however, and unlike the Spectre mitigations, it says these do not hit processor performance: “In most cases we expect no direct impact on performance save for a reduction in code density.
“That said, secondary effects may include marginally increased pressures on the instruction caches and branch predictors due to the insertion of speculation barrier sequences and branch instructions.”
Raspberry Pi’s, millions of mobiles and IoT devices are likely to be affected by the issue, which was identified by Google’s Safeside team. (With over 55 percent of IoT devices reportedly using the password “12345”, IT teams may have more basic fish to fry, but the more security-conscious may like to take a closer look at Arm’s whitepaper and extensive Q&A).
Arm added: “Where threat modelling shows that this vulnerability needs to be mitigated in a particular project, that project will need to be recompiled using tools that are aware of and can mitigate against the vulnerability.”