However, while the SLS bug's description looks pretty bad, Arm says that at present, the security risk from an SLS attack is actually low. The bug was discovered last year. Since then, Arm has been working to supply patches to various software projects and operating systems, including FreeBSD, OpenBSD, Trusted Firmware-A, and OP-TEE. Furthermore, Arm also provided patches to GCC and LLVM, two of the most popular code compilers, to prevent developers from compiling potentially vulnerable code. Arm believes the patches are unlikely to have a performance impact.
"This would be difficult to exploit in practice, and a practical exploit has yet to be demonstrated," the chipmaker wrote in an SLS FAQ page. However, Arm says that the possibility of a successful practical attack "cannot be dismissed."
ARM CPUs vulnerable to Straight-Line Speculation attack
Posted on Wednesday, June 10 2020 @ 13:11 CEST by Thomas De Maesschalck