Update 6/11/2020 03:05 PT
We reached out to Eben Upton, Chief Executive of Raspberry Pi Trading for comment.
"We're aware of this issue, which at present appears to represent a very low risk to users. We're working to understand which cores are affected, and what the tradeoffs of applying mitigations are."
Original Article
Arm, the well known global semiconductor company who design the chips that power our daily lives, has issued guidance to software developers after a vulnerability in their ARMv8-A (Cortex-A) CPU was discovered. The vulnerability was identified following research from the Google SafeSide project, which explores attacks such as this.
Straight-line Speculation (SLS) is a speculative execution which exploits CPUs that access data in advance to increase performance, and then discard any unused computational branches. Side channel attacks such as this could enable malicious attackers to steal data from the CPU. In a answer from the Arm Developer FAQ page “Note that at present we deem the security risk to be low as this would be difficult to exploit in practice, and a practical exploit has yet to be demonstrated. However, the possibility cannot be dismissed which is why Arm is acting now.”
There are many devices featuring this processor which are affected by this bug, such as mobile devices, laptops and single board computers including the Raspberry Pi 4. Tom’s Hardware has reached out to the Raspberry Pi Foundation for comment, and will update this post when we have more information.
Patches to block this exploit have been issued by Arm engineers to various operating systems and open source software projects. Additional patches have been made for popular code compilers GCC and LLVM, which should not impact CPU performance.
Arm have released a whitepaper which provides greater detail on the cause and mitigation of the issue.
