View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Arm Cortex CPUs Vulnerable to Newly Discovered Side-Channel Attack

A dedicated attacker could access sensitive data from privileged memory, e.g. DRAM or CPU cache

By CBR Staff Writer

Next up on the list of chip makers vulnerable to exotic side-channel attacks: Arm, which says its Cortex-A57, A72, A73 and A75 processors have a bug that would let a malicious actor “improperly gather small bits of sensitive data from privileged memory (DRAM or CPU cache).”

The issue has been allocated CVE-2020-13844.

Side-channel attacks involve exploiting the way CPUs process data before an explicit instruction (to boost speed) then discard the unneeded computations. A dedicated attacker can, in theory, glean a lot from accessing that offloaded data. Remote exploitation for this CVE has not been demonstrated; it would apparently need local user access, but does cast a fresh light on the ongoing challenge of baking effective security into CPU design.

As with the Spectre-style vulnerabilities, first exposed in early January 2018, Arm says that it deems the security risk to be low “as this would be difficult to exploit in practice, and a practical exploit has yet to be demonstrated. However, the possibility cannot be dismissed.”

New Intel CPU Vulnerability: Is “Load Value Injection” a Real Threat?

It has issued patches however, and unlike the Spectre mitigations, it says these do not hit processor performance: “In most cases we expect no direct impact on performance save for a reduction in code density.

“That said, secondary effects may include marginally increased pressures on the instruction caches and branch predictors due to the insertion of speculation barrier sequences and branch instructions.”

Raspberry Pi’s, millions of mobiles and IoT devices are likely to be affected by the issue, which was identified by Google’s Safeside team. (With over 55 percent of IoT devices reportedly using the password “12345”, IT teams may have more basic fish to fry, but the more security-conscious may like to take a closer look at Arm’s whitepaper and extensive Q&A).

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Arm added: “Where threat modelling shows that this vulnerability needs to be mitigated in a particular project, that project will need to be recompiled using tools that are aware of and can mitigate against the vulnerability.”

See also: Xilinx FPGAs are Vulnerable to “Unpatchable” Bug, Say Researchers

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.