tags: mte, mitigation, kernel, pixel, spectre
original link: TIKTAG: Breaking ARM’s Memory Tagging Extension with Speculative Execution
newsletter link: exploits.club Weekly Newsletter 26


Exploits Club Summary:

Speaking of “mitigations” and “novel exploitation,” a paper released this week demonstrates how to break MTE via speculative execution. The team identified two new gadgets, which they dubbed “TikTag-v1” and “TikTag-v2,” that can “leak the MTE tag of an arbitrary memory address.” The team demonstrated the vulnerability on Google Chrome and the Linux kernel via a Pixel 8 device. The paper’s second half evaluates these experiments, discussing reliability, feasibility, and potential mitigations.