The ARM architecture-based processors may face new cyberthreats due to the discovery of a new vulnerability. This vulnerability is said to be a variant of the Specter vulnerability, the infamous bug discovered in January 2018 that could lead to speculative execution side-channel attacks on widely-used modern processors.
The Straight-Line Speculation bug
- In June 2020, a new vulnerability dubbed Straight-Line Speculation (SLS) was discovered in the Armv8-A (Cortex-A) CPU architecture of ARM processors.
- It allows attackers to steal the additional branches of computations made by the processor in advance (i.e. speculative execution that fastens up the processor speed), via a side-channel attack.
- The bug, tracked as CVE-2020-13844, may sound like a critical threat, but the company said that it is difficult to exploit it in the wild, and there are no practical threats demonstrated so far.
SLS - Another variant of Spectre
SLS is considered as another form of Spectre vulnerability, the first major speculative execution vulnerability that impacted almost every computing system, including desktops, laptops, cloud servers, smartphones, etc.
- In January 2018, it was identified for the first time that the Spectre bug in the speculative execution technology (which is used in most processors including those by ARM), may have some drastic side effects, resulting in the leak of private data to attackers.
- ARM confirmed that SLS is another form of the original Spectre vulnerability, but with slightly different scope. The SLS bug impacts only Arm Armv-A processors, while the Spectre bug impacted CPUs from all major chipmakers.
Stay safe
The vendor has already released the patches for various software projects and operating systems, including FreeBSD, OpenBSD, Trusted Firmware-A, and OP-TEE. Additional mitigation steps were also provided by ARM in their whitepaper.
Publisher
/https://cyware-ent.s3.amazonaws.com/image_bank/da6d_shutterstock_1218078553.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/shutterstock_61987375.jpg)
