CVE-2023-33936: Vendor response to side-channel attacks targeting some Arm v8 CPUs (28th Nov 2023)

Preface: A hardware prefetcher monitors the memory access pattern of the running program, tries to predict what data the program will access next, and prefetches that data.

Spatial Memory Streaming is a practical on-chip hardware technique that identifies code-correlated spatial access patterns and streams predicted blocks to the primary cache ahead of demand misses.

Background: Software that performs secret-based memory accesses is vulnerable to well-known cache-based side-channel attacks, which can be used to extract secrets based on memory access patterns.
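To make "secret-based memory access" concrete, the C sketch below (an added example, not code from Arm or from the original post) contrasts a secret-indexed table lookup with one that reads every entry in the same order, so the address sequence seen by the cache and any prefetcher is identical for every secret. The table contents and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_SIZE 256

/* Constructed table; stands in for something like a cipher S-box. */
static uint8_t table[TABLE_SIZE];

/* 167 is odd, so i*167+13 mod 256 is a permutation of 0..255. */
void init_table(void)
{
    for (size_t i = 0; i < TABLE_SIZE; i++)
        table[i] = (uint8_t)(i * 167u + 13u);
}

/* Secret-dependent access: the loaded address, and therefore which cache
 * line becomes resident, is a function of `secret`. */
uint8_t lookup_leaky(uint8_t secret)
{
    return table[secret];
}

/* Secret-independent access: all 256 entries are read in a fixed order and
 * the wanted one is selected with a mask instead of an index or a branch. */
uint8_t lookup_fixed_pattern(uint8_t secret)
{
    const volatile uint8_t *t = table;  /* volatile keeps every load */
    uint8_t result = 0;
    for (size_t i = 0; i < TABLE_SIZE; i++) {
        uint32_t diff = (uint32_t)i ^ secret;        /* 0 only if i == secret */
        uint8_t mask = (uint8_t)((diff - 1u) >> 8);  /* 0xFF if diff == 0, else 0 */
        result |= (uint8_t)(t[i] & mask);
    }
    return result;
}

/* Both lookups must agree on the value for every possible secret. */
int count_mismatches(void)
{
    int bad = 0;
    for (int s = 0; s < TABLE_SIZE; s++)
        bad += lookup_leaky((uint8_t)s) != lookup_fixed_pattern((uint8_t)s);
    return bad;
}

int main(void)
{
    init_table();
    printf("mismatches: %d\n", count_mismatches());
    return count_mismatches() != 0;
}
```

The fixed-pattern version costs a full table scan per lookup, and the generated code should still be inspected, since a compiler is free to turn mask arithmetic back into a branch.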

Vulnerability details: Arm reserved CVE-2023-33936 for this issue. However, the Arm PSIRT is not aware of any implementation which strictly adheres to the earlier specification of FEAT_CSV2, and therefore no Arm-based CPUs are thought to be affected by this change.

Security Focus: Under certain conditions, it may be possible for code in one hardware-defined context to leak to the speculative execution of code in a different hardware-defined context using virtual address-based cache prefetch predictions.

Affected Products: Under the new guidance in section B2.2.3.11, which will be updated in the next public release of the Arm ARM, the Arm PSIRT is not aware of any products affected under the revised specification.

Official announcement: Please refer to the link for details – https://developer.arm.com/Arm%20Security%20Center/Prefetcher%20Side%20Channels
