Memory Reordering Side-Channel Enables High-Bandwidth Covert Communication on CPUs and GPUs
Researchers have introduced a timerless side-channel, termed Memory DisOrder, that leverages relaxed memory ordering in modern parallel processors to infer activity from other processes. The technique was evaluated on a range of mainstream CPUs and GPUs, achieving covert channel rates up to 16 bits per second with 95 % accuracy on an Apple M3 GPU and approaching 30 kilobits per second on x86 CPUs after system-level optimizations.
Background on Relaxed Memory Models
Modern CPUs and GPUs commonly implement relaxed memory models that permit out‑of‑order execution of memory operations to improve performance. Prior research has shown that such re‑orderings become more frequent when multiple cores are active, suggesting that hardware optimizations intensify under memory‑system stress.
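The reordering described above can be observed with the classic store-buffering litmus test. The following is an added example, not code from the paper or its authors; the function name `sb_weak_outcomes`, the round counts and the use of POSIX barriers are assumptions made for illustration. It counts rounds in which both threads read 0, an outcome that relaxed atomics permit and sequentially consistent atomics forbid. The relaxed count varies by machine and load and may be 0.

```c
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>

/* Store-buffering litmus test. T0: x = 1; r0 = y.  T1: y = 1; r1 = x.
 * r0 == 0 && r1 == 0 requires a store to become visible after the later load. */
static atomic_int x, y;
static int r[2], iters, relaxed;
static pthread_barrier_t go, done;

static void *worker(void *arg) {
    int id = (int)(long)arg;
    atomic_int *mine = id ? &y : &x, *other = id ? &x : &y;
    for (int i = 0; i < iters; i++) {
        pthread_barrier_wait(&go);
        if (relaxed) {  /* constant orders in each branch so the compiler honours them */
            atomic_store_explicit(mine, 1, memory_order_relaxed);
            r[id] = atomic_load_explicit(other, memory_order_relaxed);
        } else {
            atomic_store_explicit(mine, 1, memory_order_seq_cst);
            r[id] = atomic_load_explicit(other, memory_order_seq_cst);
        }
        pthread_barrier_wait(&done);
    }
    return NULL;
}

/* Runs n rounds and returns how many ended in the weak outcome (both loads saw 0). */
long sb_weak_outcomes(int n, int use_relaxed) {
    pthread_t t[2];
    long weak = 0;
    iters = n; relaxed = use_relaxed;
    pthread_barrier_init(&go, NULL, 3);      /* two workers plus this thread */
    pthread_barrier_init(&done, NULL, 3);
    for (long id = 0; id < 2; id++)
        pthread_create(&t[id], NULL, worker, (void *)id);
    for (int i = 0; i < n; i++) {
        atomic_store(&x, 0); atomic_store(&y, 0);   /* reset before each round */
        pthread_barrier_wait(&go);
        pthread_barrier_wait(&done);
        weak += (r[0] == 0 && r[1] == 0);
    }
    pthread_join(t[0], NULL); pthread_join(t[1], NULL);
    pthread_barrier_destroy(&go); pthread_barrier_destroy(&done);
    return weak;
}

int main(void) {
    printf("relaxed: %ld weak / 20000\n", sb_weak_outcomes(20000, 1));
    printf("seq_cst: %ld weak / 20000\n", sb_weak_outcomes(20000, 0));
    return 0;
}
```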
Comprehensive Fuzzing Across Architectures
The authors conducted an extensive fuzzing campaign covering x86, Arm, Apple CPUs, as well as NVIDIA, AMD, and Apple GPUs. The campaign identified cross‑process signal leakage on all tested platforms, confirming the broad applicability of the Memory DisOrder phenomenon.
Covert Channel Demonstrations
Using the identified leakage, the team built a covert channel that transmitted data without relying on traditional timers. On an Apple M3 GPU, the channel achieved a throughput of 16 bits per second while maintaining 95 % transmission accuracy, illustrating the practical viability of the approach.
Application Fingerprinting Capabilities
Beyond covert communication, Memory DisOrder was employed to fingerprint running applications. In closed‑world experiments, the method reliably identified deep‑neural‑network architectures on several CPUs and on the Apple M3 GPU, demonstrating its potential for passive reconnaissance.
Optimizing for Higher Bandwidth
The study further explored low‑level system configurations that amplify memory re‑ordering events. By adjusting such parameters, the researchers reported a covert channel bandwidth nearing 30 kilobits per second on x86 CPUs, suggesting that even higher rates may be achievable with refined techniques.
Implications and Future Directions
The findings highlight a previously underexplored attack surface in processor memory subsystems. While the current results are based on controlled experiments, the authors note that more precise attacks could emerge as the community gains a deeper understanding of the vulnerability.
This report is based on information from arXiv, licensed under Academic Preprint / Open Access, and draws on the abstract of the research paper. The full text is available via arXiv.