Arm’s Memory Tagging Extensions Need A Helping Hand

Say Hello To Speculative Execution Attacks, Again

We’ve been hearing a lot about speculative execution attacks, though until now the term has generally referred to issues with Intel and AMD processors. Well, it seems Arm can join those two companies out on the very uncomfortable branch after researchers found ways to defeat MTE, which was Arm’s defense against those attacks. Their research contradicts the findings of Google’s Project Zero, which announced that MTE works perfectly at stopping these sorts of attacks. You’d better hope Google was right, as these researchers claim to be able to defeat MTE 95% of the time, and do it in less than four seconds.

The code is available on GitHub, via a link from the story at The Register, if you want to find out the truth. The flaw can be used to determine MTE tags via Google Chrome on Android as well as the Linux kernel; once you have those tags, you can then attempt to use memory exploits to gain access to the device. This is just a first step in infection, but once you’ve figured out some of the tags on a device there are a number of exploits you can use.

Keep your eye out for more details as Google and Arm investigate.
