Google researcher Daniel Moghimi devised a new side-channel attack technique Intel CPU, named Downfall, that relies on a flaw tracked as CVE-2022-40982.
An attacker can exploit this vulnerability to access and steal data from other users who share the same systems. Malware can carry out a Downfall attack to steal sensitive information like passwords, encryption keys, and private data such as banking details, personal emails, and messages.
The attack could be more dangerous in cloud computing environments because the attacker could exploit the Downfall issue to steal sensitive data from other customers who share the same cloud computer.
“The vulnerability is caused by memory optimization features in Intel processors that unintentionally reveal internal hardware registers to software. This allows untrusted software to access data stored by other programs, which should not be normally be accessible.” wrote Moghimi. “I discovered that the Gather instruction, meant to speed up accessing scattered data in memory, leaks the content of the internal vector register file during speculative execution. To exploit this vulnerability, I introduced Gather Data Sampling (GDS) and Gather Value Injection (GVI) techniques.”
The researcher believes GDS is highly practical attack, he explained that was able to develop an end-to-end attack stealing encryption keys from OpenSSL in just two weeks. In the attack scenario devised by the expert, the attacker and victim share the same physical processor core, a circumstance which is frequent, implementing preemptive multitasking and simultaneous multithreading.
The vulnerability impacts Intel Xeon and Core processors released, the Intel SGX security feature is also impacted.
The flaw could theoretically be remotely exploited from the web browser, but demonstrating successful attacks “via web browsers requires additional research and engineering efforts.”
Intel informed customers that is releasing firmware updates to address the vulnerability.
“A potential security vulnerability in some Intel® Processors may allow information disclosure. Intel is releasing firmware updates and an optional software sequence to mitigate this potential vulnerability.” reads the advisory published by the chip maker.
Recently, researchers at ETH Zurich devised a new transient execution attack called Inception that can expose privileged secrets and data using unprivileged processes on all AMD Zen CPU.
(SecurityAffairs – hacking, Downfall)