This work proposes a timerless cross-process side-channel attack that exploits processor memory reordering behavior to infer the activity of other processes. Through systematic fuzzing, the study reveals the sensitivity of memory reordering in mainstream CPUs and GPUs to concurrent workloads and demonstrates how this phenomenon can be transformed into a detectable signal. The authors innovatively harness memory reordering as a practical side channel, enabling both covert communication and fingerprinting of deep neural network (DNN) architectures. Experimental results show a covert channel achieving 16 bps with 95% accuracy on an Apple M3 GPU and a potential throughput approaching 30 Kbps on x86 CPUs. Furthermore, the technique successfully performs DNN architecture fingerprinting across multiple platforms.

To improve efficiency, nearly all parallel processing units (CPUs and GPUs) implement relaxed memory models in which memory operations may be re-ordered, i.e., executed out-of-order. Prior testing work in this area found that memory re-orderings are observed more frequently when other cores are active, e.g., stressing the memory system, which likely triggers aggressive hardware optimizations. In this work, we present Memory DisOrder: a timerless side-channel that uses memory re-orderings to infer activity on other processes. We first perform a fuzzing campaign and show that many mainstream processors (X86/Arm/Apple CPUs, NVIDIA/AMD/Apple GPUs) are susceptible to cross-process signals. We then show how the vulnerability can be used to implement classic attacks, including a covert channel, achieving up to 16 bits/second with 95% accuracy on an Apple M3 GPU, and application fingerprinting, achieving reliable closed-world DNN architecture fingerprinting on several CPUs and an Apple M3 GPU. Finally, we explore how low-level system details can be exploited to increase re-orderings, showing the potential for a covert channel to achieve nearly 30K bits/second on X86 CPUs. More precise attacks can likely be developed as the vulnerability becomes better understood.