argante More to study about bypassing MTE using speculative execution. Tested on ARMv8.5 devices (Google Pixel 8 and Pixel 8 Pro).
TrustExecutor argante Very interesting. What are the real-world implications of this in the context of GrapheneOS and hardened_malloc's implementation of MTE? @GrapheneOS
other8026 I don't personally know this stuff very well, but I think this is the same thing that's been asked here before. If so, here are a couple of responses that may be helpful. The project was quoted by fid02 here: https://discuss.grapheneos.org/d/13612-tiktag-is-an-attack-on-arm-cpus-to-bypass-mte-protection/4 And the project responded in the same thread later on here: https://discuss.grapheneos.org/d/13612-tiktag-is-an-attack-on-arm-cpus-to-bypass-mte-protection/8