
Memory Integrity Enforcement is intended to severely complicate the exploitation of memory corruption vulnerabilities, particularly buffer overflow and use-after-free bugs. It builds on Arm's Memory Tagging Extension (MTE) CPU specification, published in 2019, and the subsequent Enhanced Memory Tagging Extension (eMTE) from 2022.
These chip-level mechanisms implement a memory tagging and tag-checking system: memory allocated to a process is tagged with a secret value, and every subsequent access to that memory must present the correct tag. In simple terms, exploiting a memory corruption flaw means gaining the ability to write malicious code into memory buffers already allocated for an existing process (usually the vulnerable application) so that the process executes the attacker's code with its own privileges. If the targeted process is a kernel component, the attacker has gained arbitrary code execution at the system level.
With MTE, an attacker must additionally recover the correct tag in order to write into a tagged buffer without being flagged; a write with a mismatched tag gets the target process terminated by the OS. However, MTE alone still has shortcomings: race-condition windows, problems with asynchronous checking of writes, side-channel attacks that leak tags through timing differences, and CPU speculative-execution attacks such as Spectre v1, which uses the CPU cache to leak data and potentially MTE tags.
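To make the tag-check mechanism concrete, the following toy simulator is an added illustration written for this page; it is not Apple's, Arm's, or any real allocator's code. It assumes 16-byte tag granules, 4-bit tags carried in bits 56 to 59 of the pointer, a deterministic tag source in place of hardware randomness, and a synchronous check on every store, which is a simplification of real MTE hardware. It shows the three outcomes the text describes: a buffer overflow into a neighbouring allocation faults because the neighbour's granule carries a different tag, a use-after-free faults because freeing retags the granule, and a store whose pointer carries the granule's current tag passes, which is why any channel that leaks tags weakens the defence.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of MTE-style memory tagging (added illustration, not vendor code).
 * Assumptions: 16-byte granules, 4-bit tags in pointer bits 56..59,
 * deterministic tag assignment, synchronous check on every access. */
#define GRANULE     16
#define ARENA_SIZE  256
#define NGRANULES   (ARENA_SIZE / GRANULE)
#define TAG_SHIFT   56
#define TAG_MASK    0xFULL

enum { MTE_OK = 0, MTE_TAG_FAULT = 1, MTE_OOB = 2 };

typedef uint64_t tptr;                    /* arena offset in low bits, tag in bits 56..59 */

static uint8_t  arena[ARENA_SIZE];        /* the "physical" memory */
static uint8_t  granule_tag[NGRANULES];   /* allocation tag stored per granule */
static uint8_t  next_tag = 1;             /* stand-in for the hardware's random tag source */
static uint64_t bump = 0;                 /* bump allocator cursor */

static uint64_t tp_tag(tptr p)  { return (p >> TAG_SHIFT) & TAG_MASK; }
static uint64_t tp_off(tptr p)  { return p & ((1ULL << TAG_SHIFT) - 1); }
static tptr tp_make(uint64_t off, uint64_t tag) { return off | (tag << TAG_SHIFT); }

/* Give every granule covering [off, off+size) a fresh tag; return the tagged pointer.
 * Tags cycle through 1..15; 0 is kept for untagged memory. */
static tptr retag(uint64_t off, size_t size) {
    uint64_t tag = next_tag;
    next_tag = (uint8_t)(next_tag % 15 + 1);
    for (uint64_t g = off / GRANULE; g < (off + size + GRANULE - 1) / GRANULE; g++)
        granule_tag[g] = (uint8_t)tag;
    return tp_make(off, tag);
}

/* Allocate whole granules; each allocation gets its own tag. */
static tptr tagged_alloc(size_t size) {
    size_t rounded = (size + GRANULE - 1) / GRANULE * GRANULE;
    uint64_t off = bump;
    bump += rounded;
    return retag(off, rounded);
}

/* Free retags the granules so a dangling pointer no longer matches. */
static void tagged_free(tptr p, size_t size) { (void)retag(tp_off(p), size); }

/* The tag check performed on every load/store: pointer tag vs. granule tag. */
static int check(tptr p, size_t n) {
    uint64_t off = tp_off(p);
    if (off + n > ARENA_SIZE) return MTE_OOB;
    for (uint64_t g = off / GRANULE; g < (off + n + GRANULE - 1) / GRANULE; g++)
        if (granule_tag[g] != tp_tag(p)) return MTE_TAG_FAULT;
    return MTE_OK;
}

static int tagged_store(tptr p, const void *src, size_t n) {
    int rc = check(p, n);
    if (rc != MTE_OK) return rc;         /* hardware would raise a tag-check fault here */
    memcpy(arena + tp_off(p), src, n);
    return MTE_OK;
}

static void reset(void) { bump = 0; next_tag = 1; memset(granule_tag, 0, sizeof granule_tag); }

/* Overflow: a 32-byte buffer followed by another allocation. Writing 40 bytes
 * spills into the neighbour's granule, whose tag differs, so the store faults. */
int demo_overflow(void) {
    reset();
    tptr buf = tagged_alloc(32);
    (void)tagged_alloc(16);              /* neighbour gets a different tag */
    uint8_t data[40];
    memset(data, 0x41, sizeof data);     /* constructed payload, just filler bytes */
    if (tagged_store(buf, data, 32) != MTE_OK) return -1;   /* in-bounds write must pass */
    return tagged_store(buf, data, 40);                     /* 8 bytes too many: MTE_TAG_FAULT */
}

/* Use-after-free: the freed granule was retagged, so the stale pointer faults. */
int demo_use_after_free(void) {
    reset();
    tptr obj = tagged_alloc(16);
    tagged_free(obj, 16);
    uint8_t byte = 0;
    return tagged_store(obj, &byte, 1);  /* MTE_TAG_FAULT */
}

/* The check is only as strong as tag secrecy: a pointer rebuilt with the granule's
 * current tag (here read directly; in practice learned through a leak) passes.
 * With 4-bit tags a blind guess succeeds roughly 1 time in 16 and every miss is fatal,
 * which is why tag-leaking side channels matter so much. */
int demo_leaked_tag(void) {
    reset();
    tptr obj = tagged_alloc(16);
    tagged_free(obj, 16);
    uint64_t current = granule_tag[tp_off(obj) / GRANULE];
    tptr rebuilt = tp_make(tp_off(obj), current);
    uint8_t byte = 0;
    return tagged_store(rebuilt, &byte, 1);  /* MTE_OK: the store is not detected */
}

int main(void) {
    printf("overflow: %d\nuse-after-free: %d\nknown tag: %d\n",
           demo_overflow(), demo_use_after_free(), demo_leaked_tag());
    return 0;
}
```

Each demo resets the arena so it can run on its own; the return codes stand in for what hardware would do, where `MTE_TAG_FAULT` corresponds to the synchronous fault that gets the process killed.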

