Modern x86 processors support an AVX instruction set to boost performance. However, this extension may cause security issues. We discovered that there are vulnerable properties in implementing masked load/store instructions. Based on this, we present a novel AVX timing side-channel attack that can defeat address space layout randomization. We demonstrate the significance of our attack by showing User and Kernel ASLR breaks on the recent Intel and AMD processors in various environments, including cloud computing systems, an SGX enclave (a fine-grained ASLR break), and major operating systems. We further demonstrate that our attack can be used to infer user behavior, such as Bluetooth events and mouse movements. We highlight that stronger isolation or more fine-grained randomization should be adopted to successfully mitigate our presented attacks.

翻译：现代x86处理器支持AVX指令集以提高性能。然而，这个扩展可能会带来安全问题。我们发现了实现掩码加载/存储指令的容易受攻击属性。基于此，我们提出了一种新的AVX时序侧信道攻击，可以打败地址空间布局随机化。我们在各种环境中展示了我们攻击的重要性，包括云计算系统、一个SGX保险箱(一种精细的ASLR破解)和主要操作系统上的用户和内核ASLR破解。我们进一步证明了我们的攻击可以用于推断用户行为，例如蓝牙事件和鼠标移动。我们强调，为了成功地缓解我们提出的攻击，应采用更强的隔离或更精细的随机化。