For probabilistic Arm MTE (Memory Tagging Extension) solutions based on random tagging (e.g., the Linux kernel), the assumption is that, even if attackers manage to hijack a tagged victim pointer (e.g., via a buffer overflow) to reference a target object, they cannot predict whether the tag of the target object matches the pointer tag—hindering reliable exploitation. However, even without brute-forcing capabilities, if attackers can deduce which tags are assigned at runtime, then the randomness of the tags provides no added benefit.
We show that attackers can find MTE pointer/memory tag matches through speculative probing. More specifically, we show attackers can use a contention-based side channel to deduce whether or not a tag check results in a violation (i.e., tag mismatch).
In summary, the contention caused by tag mismatches provides attackers with a convenient side channel to determine whether a tag mismatch occurred. Crafting probe gadgets is relatively simple: an attacker needs to trigger the target software vulnerability on a speculative path and, unlike standard (and mitigated) Spectre, observe a microarchitectural signal from any independent memory operation within the speculation window.
Speculatively Probing for Random Tags (a.k.a. Spectre-MTE) is described in the “Sticky Tags” paper.