Memory Integrity Enforcement aims to severely complicate the exploitation of memory corruption vulnerabilities, particularly buffer overflows and use-after-free memory bugs. It makes use of the CPU Arm Memory Tagging Extension (MTE) specification published in 2019 and the subsequent Enhanced Memory Tagging Extension (EMTE) from 2022.
These chip-level mechanisms implement a memory tagging and tag-checking system so that any memory allocated by a process is tagged with a secret and any subsequent requests to access that memory need to contain the correct secret. In simple terms, exploiting memory corruption flaws is all about gaining the ability to write malicious bytecode into memory buffers already allocated by the system to an existing process — the vulnerable application usually — so that the process then executes your malicious code with its privileges. If the targeted process is a kernel component, then you obtained system level arbitrary code execution privileges.
With MTE, attackers now must also find the secret tag in order to write inside tagged memory buffers without being flagged and have their target process terminated by the OS. However, this technology still had shortcomings and weaknesses, race condition windows, issues with asynchronus writes, side channel attacks that could leak the tag due to timing differences and also CPU speculative execution attacks such as Spectre v1, which use CPU caches to leak data and potentially MTE tags.
