SLAM: a new Spectre technique

Many processor vendors provide a mechanism to allow some bits of a pointer
value to be used to store unrelated data; these include Intel's linear address masking (LAM), AMD's upper address ignore, and Arm's top-byte
ignore. A set of researchers has now come up with a way (that
they call 'SLAM') to use those features to bypass many checks on pointer
validity, opening up a new set of Spectre attacks.

In response to SLAM, Intel made plans to provide software guidance
prior to the future release of Intel processors which support LAM
(e.g., deploying LAM jointly with LASS). Linux engineers developed
patches to disable LAM by default until further guidance is
available. ARM published an advisory to provide guidance on future
TBI-enabled CPUs. AMD did not implement guidance updates and
pointed to existing Spectre v2 mitigations to address the SLAM
exploit described in the paper.

See the full
paper for the details.