Downfall Vulnerability Affects Millions of Intel CPUs With Strong Data Leak Impact
Learn technical details about this newly disclosed security vulnerability, as well as mitigation recommendations from the Google researcher who discovered it.
Google researcher Daniel Moghimi discovered a new vulnerability affecting millions of Intel chip models. The vulnerability, dubbed Downfall by Moghimi, enables an attacker to steal sensitive data from victims if exploited successfully. Intel has provided a mitigation for affected hardware, which includes computing devices based on Intel Core processors from the 6th (Skylake) to the 11th (Tiger Lake) generation.
The Intel advisory reports that CVE-2022-40982/Downfall is a hardware information disclosure vulnerability with medium severity.
According to Moghimi, the vulnerability is located in memory optimization features in Intel’s processors. Successful exploitation reveals internal hardware registers to software. Untrusted software could therefore access data stored by other software, which shouldn’t be possible.
More specifically, the researcher “… discovered that the Gather instruction, meant to speed up accessing scattered data in memory, leaks the content of the internal vector register file during speculative execution.” He also stated that “The Gather instruction appears to use a temporal buffer shared across sibling CPU threads, and it transiently forwards data to later dependent instructions, and the data belongs to a different process and gather execution running on the same core.”
Moghimi published a detailed account of his research about the vulnerability, as well as the full Downfall source code. Intel released technical documentation on Gather Data Sampling, the name used by the company to refer to Downfall.
The Downfall vulnerability was first reported to Intel in August 2022 and kept under embargo until it was fixed. This reporting is in line with the coordinated vulnerability disclosure practice in which a vulnerability is publicly disclosed only after mitigations are available.
Moghimi successfully tested a few Downfall exploitation scenarios, which he describes in his research paper and demonstrates in videos on his website. The scenarios enable different types of data theft.
Moghimi has shown an attack aimed at the Advanced Encryption Standard executed by the OpenSSL command line tool. The tool is being executed on one virtual machine while the attack is run from another virtual machine on a sibling thread of the same CPU core.
He did his tests on 100 different AES keys; the success rate was 100% for AES-128 keys and 86% for AES-256 keys. This drop in the success rate can be bypassed by rerunning the attack multiple times to recover the complete key.
Arbitrary data at rest can also be stolen, as long as the attack runs on the same physical processor core as the victim.
As an example, Moghimi showed a video where he extracts data from a Linux kernel, but the attack could be used for extracting other data. In another video example, Moghimi showed it’s possible to spy on printable characters.
Moghimi wrote that a hacker can target high-value credentials such as passwords and encryption keys, which might lead to other attacks that violate the availability and integrity of computers.
Intel wrote that “Malicious software may be able to infer data previously stored in vector registers used by either the same thread, or the sibling thread on the same physical core. These registers may have been used by other security domains such as other virtual machine (VM) guests, the operating system (OS) kernel, or Intel® Software Guard Extensions (Intel® SGX) enclaves.”
Intel has released firmware updates and recommends that users of affected Intel processors update to the latest firmware version that addresses these issues.
For Intel SGX customers, the company advises updating the microcode located in platform flash designated by firmware interface table entry point 1.
Other mitigations are offered by Moghimi, although most have severe disadvantages:
Moghimi also recommends preventing transient forwarding of data after the Gather instruction, which can mitigate the Downfall attacks without the disadvantages of the previous mitigation propositions. This mitigation is the one that Intel implemented in its latest microcode update.
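To confirm that the microcode mitigation is actually in effect on a Linux host, the kernel's own Gather Data Sampling status can be read and classified. This is an added example, not code from the article, Moghimi or Intel; it assumes a Linux kernel recent enough to expose the `gather_data_sampling` sysfs entry, and the function names and verdict labels are made up for illustration.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's reported status for
# Gather Data Sampling (Intel's name for Downfall, CVE-2022-40982).
# Assumption: the kernel exposes the gather_data_sampling sysfs entry.

# Map a kernel status string to a short verdict (labels are illustrative).
gds_classify() {
    case "$1" in
        "Not affected")               echo "not_affected" ;;
        "Mitigation: Microcode"*)     echo "mitigated" ;;          # also matches "(locked)"
        "Mitigation: AVX disabled"*)  echo "mitigated_avx_off" ;;  # fallback without microcode
        "Vulnerable: No microcode")   echo "needs_microcode" ;;
        "Vulnerable"*)                echo "vulnerable" ;;         # mitigation switched off
        "Unknown"*)                   echo "ask_hypervisor" ;;     # guest cannot see host state
        *)                            echo "unrecognized" ;;
    esac
}

# Read the status from sysfs and print the verdict.
# $1 optionally overrides the sysfs root (default /sys), which allows testing.
# Exit status: 0 = not affected or mitigated, 1 = action needed, 2 = not reported.
gds_check() {
    root="${1:-/sys}"
    f="$root/devices/system/cpu/vulnerabilities/gather_data_sampling"
    if [ ! -r "$f" ]; then
        # Kernel predates GDS reporting: update the kernel before trusting the host.
        echo "not_reported"
        return 2
    fi
    verdict=$(gds_classify "$(cat "$f")")
    echo "$verdict"
    case "$verdict" in
        not_affected|mitigated|mitigated_avx_off) return 0 ;;
        *) return 1 ;;
    esac
}
```

Run `gds_check` with no argument on the host to inspect; a `needs_microcode` verdict means the firmware or microcode update described above has not yet been applied.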
Disclosure: I work for Trend Micro, but the views expressed in this article are mine.