Hardware prefetchers are an optimization in modern CPUs for predicting memory accesses and preemptively loading the corresponding value into the cache. Previous work showed that the internal state of hardware prefetchers can act as a side channel, leaking information across security boundaries such as processes, user and kernel space, and even trusted execution environments. In this paper, we present ShadowLoad, a new attack primitive to bring inaccessible victim data into the cache by injecting state into the hardware prefetcher. ShadowLoad relies on the inner working of the hardware stride prefetchers, which we automatically reverse-engineer using our tool StrideRE. We illustrate how ShadowLoad extends the attack surface of existing microarchitectural attacks such as Meltdown and software-based power analysis attacks like Collide+Power and how it can partially bypass L1TF mitigations. We further demonstrate FetchProbe, a novel stride prefetcher side-channel attack capable of leaking offsets of memory accesses with sub-cache-line granularity. We demonstrate FetchProbe on the side-channel hardened Base64 implementation of WolfSSL, showing that even real-world side-channel-hardened implementations can be attacked with our new attack.
International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS)
2025-03-30
2025-03-07