Intel and AMD CPUs alike could be affected by this alarming new cyberattack

News
By published

A Spectre-like vulnerability was found, but manufacturers believe it's already been fixed

A computer being guarded by cybersecurity.
(Image credit: iStock)

Academic researchers from the Vrije Universiteit Amsterdam have discovered a new Spectre-based flaw in several major upcoming CPU chips, but the hardware manufacturers are seemingly unfazed by the findings.

As reported by BleepingComputer researchers from the Systems and Network Security Group (VUSec Group) found a side-channel attack and dubbed it SLAM. It exploits hardware features being introduced in upcoming Intel, AMD, and Arm chips, allowing them to obtain root password hashes from the kernel memory. 

SLAM, short(ish) for “Spectre based on LAM” is described as a transient execution attack leveraging a memory feature that makes software use untranslated address bits in 64-bit linear addresses for storing metadata. All CPU manufacturers have this feature: on Intel devices, it’s Linear Address Masking (LAM), on AMD, it’s Upper Address Ignore (UAI), and on ARM, it’s Top Byte Ignore (TBI). 

Spectre v2 already mitigated, OEMs say

To pull off the attack, the researchers exploited a previously unanalyzed class of Spectre disclosure gadgets - code instructions that can be manipulated to trigger speculative execution which displays sensitive information. The information generated this way is usually discarded, but there are traces (altered cache states and such) that can be observed to extract important data. 

To observe the traces, the academics built a scanner and used it to find “hundreds” of exploitable gadgets on the Linux kernel. 

But hardware manufacturers don’t seem to be too fazed about the findings, with the majority believing they have already addressed the issue. ARM said its systems already mitigate against Spectre v2 and Spectre-BHB vulnerabilities, and as such need no additional checks. AMD’s comment was in the same vein and did not bother to release new updates. 

Intel, however, said it would provide software guidance before publishing new LAM-supported chips.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
An abstract image of a lock against a digital background, denoting cybersecurity.
Apple CPU security issue could let hackers steal user data from browsers
AMD logo
Security flaw means AMD Zen CPUs can be "jailbroken"
AMD logo
AMD patches high severity security flaw affecting Zen chips
AMD Ryzen 5 7600X processor
AMD confirms processor security flaws after Asus patch slips out early
Security
Intel slams Nvidia and AMD, claims chip giants have huge numbers of security flaws
Representational image depecting cybersecurity protection
Hackers are breaking SonicWall products to target business networks
Latest in Security
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Latest in News
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Philips Hue
Philips Hue might be working on a video doorbell, and according to a new report, we just got our first look at it
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
A fresh Samsung Galaxy S25 Edge leak hints at a 2K display and a titanium frame
Hatch Restore 3 in Putty
You can finally start your day with The Office theme song, and I couldn't be more excited
More about security
An abstract image of digital security.

Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft

"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
iFi iDSD Valkyrie in gold, on a beige desk

iFi's iDSD Valkyrie DAC wants to guide your music to the great hall of Valhalla

See more latest
Most Popular
iFi iDSD Valkyrie in gold, on a beige desk
iFi's iDSD Valkyrie DAC wants to guide your music to the great hall of Valhalla
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
A fresh Samsung Galaxy S25 Edge leak hints at a 2K display and a titanium frame
Philips Hue
Philips Hue might be working on a video doorbell, and according to a new report, we just got our first look at it
SDUNITED AX835-025FF mini PC
This mini PC with the incredible Strix Halo APU is yet another sign AMD may have given up on big brands for bleeding edge tech
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Hatch Restore 3 in Putty
You can finally start your day with The Office theme song, and I couldn't be more excited
Dell Pro Max with GB300
HP and Dell's latest Nvidia powered PCs are likely to be some of the most expensive workstations ever launched
Shape of Russia filled with Russian flag-colored internet codes on a black hacking background
A new wave of blocks in Russia targets VPN apps and Cloudflare subnets
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns