Posted on Wednesday, June 10 2020 @ 13:11 CEST by Thomas De Maesschalck
ARM issued a warning that chips based on its ARMv8-A (Cortex-A) architecture are vulnerable to Straight-Line Speculation (CVE-2020-13844), a new side-channel speculative execution attack. It's basically another form of the original Spectre vulnerability but the actual security risk looks pretty low. Full details
at ZD Net.
However, while the SLS bug's description looks pretty bad, Arm says that at present, the security risk from an SLS attack is actually low.
"This would be difficult to exploit in practice, and a practical exploit has yet to be demonstrated," the chipmaker wrote in an SLS FAQ page. However, Arm says that the possibility of a successful practical attack "cannot be dismissed."
The bug was discovered last year. Since the time of its discovery, ARM has been working to supply patches to various software projects and operating systems, including FreeBSD, OpenBSD, Trusted Firmware-A, and OP-TEE. Furthermore, ARM also provided patches to GCC and LLVM, two of the most popular code compilers, to prevent developers from compiling potentially vulnerable code. ARM believes the patches are unlikely to have a performance impact.
