Memory DisOrder: Memory Re-orderings as a Timerless Side-channel
Sean Siddens, Sanya Srivastava, Reese Levine, Josiah Dykstra, Tyler Sorensen
TL;DR
Memory DisOrder identifies a timerless side-channel that exploits memory re-orderings under relaxed memory models to infer cross-process activity on CPUs and GPUs, including across virtualization boundaries. The authors implement a comprehensive fuzzing campaign (Listener vs Stressor) across six devices and multiple frameworks to reveal reliable signals, then demonstrate practical attacks: a high-signal-rate covert channel on an Apple M3 GPU (up to 16 bps) and DNN architecture fingerprinting across CPUs and the M3-GPU. They also show that low-level architectural details can boost re-orderings dramatically (e.g., near 30k bps on X86 with arch-aware stress), suggesting broad implications for multi-tenant systems and hardware memory subsystems. The work further discusses mitigations (fencing, signal obfuscation, online detection) and ethical disclosures, highlighting that while DisOrder presents a low-barrier attack vector, precise defenses require deeper understanding of the underlying microarchitectural causes.
Abstract
To improve efficiency, nearly all parallel processing units (CPUs and GPUs) implement relaxed memory models in which memory operations may be re-ordered, i.e., executed out-of-order. Prior testing work in this area found that memory re-orderings are observed more frequently when other cores are active, e.g., stressing the memory system, which likely triggers aggressive hardware optimizations. In this work, we present Memory DisOrder: a timerless side-channel that uses memory re-orderings to infer activity on other processes. We first perform a fuzzing campaign and show that many mainstream processors (X86/Arm/Apple CPUs, NVIDIA/AMD/Apple GPUs) are susceptible to cross-process signals. We then show how the vulnerability can be used to implement classic attacks, including a covert channel, achieving up to 16 bits/second with 95% accuracy on an Apple M3 GPU, and application fingerprinting, achieving reliable closed-world DNN architecture fingerprinting on several CPUs and an Apple M3 GPU. Finally, we explore how low-level system details can be exploited to increase re-orderings, showing the potential for a covert channel to achieve nearly 30K bits/second on X86 CPUs. More precise attacks can likely be developed as the vulnerability becomes better understood.
