Yesterday, the ITL NVD (Information Technology Laboratory National Vulnerability Database) updated the information recently released about a new vulnerability in the same category as the notorious vulnerabilities Specter and Meltdown.
Side Channel Attack Vulnerability, designated CVE-2020-13844, is common to Arm processors implementing Armv8-A. It allows an attacker to gain unauthorized access to data. We clarify that this requires local access to the system.
Like other side channel vulnerabilities, CVE-2020-13844 depends on the architecture used to predict branching to speed up program execution. The researchers found that with a certain change in the flow of instructions, the processor does not perform the transition, but begins to process instructions located in memory linearly. This error is called the Straight-Line Speculation (SLS) and it is in a huge number of processors. Actually, the vulnerability was discovered last year and since then Arm has had time to develop patches, which the company is already sending out to developers of firmware and operating systems. According to Arm, there are no known cases where attackers would take advantage of the vulnerability CVE-2020-13844, but even the low probability of attacks does not allow to exclude their possibility.