Memory Integrity Enforcement aims to severely complicate the exploitation of memory corruption vulnerabilities, particularly buffer overflows and use-after-free bugs. It builds on the Arm Memory Tagging Extension (MTE) CPU specification published in 2019 and the subsequent Enhanced Memory Tagging Extension (EMTE) from 2022.
These chip-level mechanisms implement a memory tagging and tag-checking system so that any memory allocated by a process is tagged with a secret, and every subsequent request to access that memory must carry the right secret. In simple terms, exploiting memory corruption flaws is all about gaining the ability to write malicious bytecode into memory buffers already allocated by the system to an existing process (usually the vulnerable application), so that the process then executes your malicious code with its privileges. If the targeted process is a kernel component, you have obtained system-level arbitrary code execution privileges.
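To make the tag-and-check idea concrete, here is a small software model of MTE-style tagging written for this article; it is not Arm's hardware, Apple's implementation, or code from any project discussed here. It keeps one 4-bit tag per 16-byte granule in a separate tag store (the real MTE granule and tag sizes), carries each pointer's tag in bits 56..59 of a 64-bit value, and rejects any store whose pointer tag does not match every granule it touches. The bump allocator, the deterministic tag sequence standing in for the hardware's random tag generator, and the four `demo_*` scenarios are all constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed software model of MTE-style memory tagging (not Arm's hardware or
 * Apple's implementation): each 16-byte granule has a 4-bit tag in a separate
 * tag store, each pointer carries its tag in bits 56..59. A store passes only if
 * the pointer tag matches the tag of every granule it touches; otherwise it is
 * rejected, modelling a synchronous tag check fault. */
#define GRANULE    16
#define HEAP_BYTES 256
#define NGRANULES  (HEAP_BYTES / GRANULE)
#define TAG_SHIFT  56
#define TAG_MASK   0xFULL

typedef uint64_t tagged_ptr;                  /* tag in the top byte, offset below */

static unsigned char heap[HEAP_BYTES];        /* simulated data memory */
static unsigned char granule_tag[NGRANULES];  /* simulated tag memory, 0 = untagged */
static size_t heap_top;                       /* bump allocator cursor */
static unsigned char next_tag = 1;            /* deterministic stand-in for a random tag generator */

static void reset_heap(void) {
    memset(heap, 0, sizeof heap);
    memset(granule_tag, 0, sizeof granule_tag);
    heap_top = 0;
    next_tag = 1;
}

/* Return a non-zero tag that differs from `avoid`, so freeing always recolours. */
static unsigned char pick_tag(unsigned char avoid) {
    unsigned char t;
    do {
        t = next_tag;
        next_tag = (unsigned char)(next_tag % 15 + 1);   /* cycle through 1..15 */
    } while (t == avoid);
    return t;
}

static tagged_ptr make_tagged(size_t offset, unsigned char tag) {
    return ((tagged_ptr)tag << TAG_SHIFT) | (tagged_ptr)offset;
}
static unsigned char ptr_tag(tagged_ptr p) { return (unsigned char)((p >> TAG_SHIFT) & TAG_MASK); }
static size_t ptr_offset(tagged_ptr p) { return (size_t)(p & ((1ULL << TAG_SHIFT) - 1)); }
static size_t round_up(size_t len) { return (len + GRANULE - 1) / GRANULE * GRANULE; }

/* Allocate: colour the granules with a fresh tag and hand back a tagged pointer.
 * Returns 0 when the simulated heap is exhausted. */
static tagged_ptr tagged_alloc(size_t len) {
    size_t rounded = round_up(len);
    if (rounded == 0 || heap_top + rounded > HEAP_BYTES) return 0;
    unsigned char tag = pick_tag(0);
    for (size_t g = heap_top / GRANULE; g < (heap_top + rounded) / GRANULE; g++)
        granule_tag[g] = tag;
    tagged_ptr p = make_tagged(heap_top, tag);
    heap_top += rounded;
    return p;
}

/* Free: recolour the granules so a stale copy of the pointer no longer matches. */
static void tagged_free(tagged_ptr p, size_t len) {
    size_t start = ptr_offset(p), rounded = round_up(len);
    unsigned char fresh = pick_tag(ptr_tag(p));
    for (size_t g = start / GRANULE; g < (start + rounded) / GRANULE; g++)
        granule_tag[g] = fresh;
}

/* Checked store: 0 on success, -1 on bounds or tag mismatch (nothing is written). */
static int checked_write(tagged_ptr p, const void *src, size_t n) {
    size_t off = ptr_offset(p);
    if (off + n > HEAP_BYTES) return -1;
    for (size_t i = 0; i < n; i++)
        if (granule_tag[(off + i) / GRANULE] != ptr_tag(p)) return -1;
    memcpy(heap + off, src, n);
    return 0;
}

/* Scenario 1: an in-bounds write through the original pointer succeeds (0). */
int demo_in_bounds(void) {
    reset_heap();
    tagged_ptr a = tagged_alloc(32);
    return checked_write(a, "hello", 6);
}

/* Scenario 2: a 40-byte write into a 32-byte buffer spills into the neighbour's
 * granule, whose tag differs, so the whole store is rejected (-1). */
int demo_linear_overflow(void) {
    reset_heap();
    tagged_ptr a = tagged_alloc(32);
    (void)tagged_alloc(32);                  /* neighbour gets a different tag */
    unsigned char big[40];
    memset(big, 'A', sizeof big);
    return checked_write(a, big, sizeof big);
}

/* Scenario 3: writing through a pointer after its buffer was freed is rejected
 * (-1), because the free recoloured the granules. */
int demo_use_after_free(void) {
    reset_heap();
    tagged_ptr a = tagged_alloc(32);
    tagged_free(a, 32);
    return checked_write(a, "stale", 6);
}

/* Scenario 4: same address, wrong tag: without the allocation's secret tag the
 * access is rejected (-1), which is the property the text describes. */
int demo_wrong_tag(void) {
    reset_heap();
    tagged_ptr a = tagged_alloc(32);
    tagged_ptr forged = make_tagged(ptr_offset(a), (unsigned char)(ptr_tag(a) ^ 1));
    return checked_write(forged, "x", 2);
}
```

The model checks the whole store before writing anything, which corresponds to synchronous tag checking; the asynchronous mode mentioned later in the article would instead let the store land and report the mismatch afterwards, which is why it opens a window that the synchronous model does not have.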
With MTE, attackers must now also find the secret tag in order to write inside tagged memory buffers without being flagged and having their target process terminated by the OS. However, this technology still had shortcomings and weaknesses: race condition windows, issues with asynchronous writes, side-channel attacks that could leak the tag through timing differences, and CPU speculative execution attacks such as Spectre v1, which use CPU caches to leak data and potentially MTE tags.