Hacking

Downfall Intel CPU side-channel attack exposes sensitive data

Google researcher Daniel Moghimi devised a new side-channel attack technique, named Downfall, against Intel CPU.

Google researcher Daniel Moghimi devised a new side-channel attack technique Intel CPU, named Downfall, that relies on a flaw tracked as CVE-2022-40982.

An attacker can exploit this vulnerability to access and steal data from other users who share the same systems. Malware can carry out a Downfall attack to steal sensitive information like passwords, encryption keys, and private data such as banking details, personal emails, and messages.

The attack could be more dangerous in cloud computing environments because the attacker could exploit the Downfall issue to steal sensitive data from other customers who share the same cloud computer.

“The vulnerability is caused by memory optimization features in Intel processors that unintentionally reveal internal hardware registers to software. This allows untrusted software to access data stored by other programs, which should not be normally be accessible.” wrote Moghimi. “I discovered that the Gather instruction, meant to speed up accessing scattered data in memory, leaks the content of the internal vector register file during speculative execution. To exploit this vulnerability, I introduced Gather Data Sampling (GDS) and Gather Value Injection (GVI) techniques.”

The researcher believes GDS is highly practical attack, he explained that was able to develop an end-to-end attack stealing encryption keys from OpenSSL in just two weeks. In the attack scenario devised by the expert, the attacker and victim share the same physical processor core, a circumstance which is frequent, implementing preemptive multitasking and simultaneous multithreading.

The vulnerability impacts Intel Xeon and Core processors released, the Intel SGX security feature is also impacted.

The flaw could theoretically be remotely exploited from the web browser, but demonstrating successful attacks “via web browsers requires additional research and engineering efforts.”

Intel informed customers that is releasing firmware updates to address the vulnerability.

“A potential security vulnerability in some Intel® Processors may allow information disclosure.  Intel is releasing firmware updates and an optional software sequence to mitigate this potential vulnerability.” reads the advisory published by the chip maker.

Recently, researchers at ETH Zurich devised a new transient execution attack called Inception that can expose privileged secrets and data using unprivileged processes on all AMD Zen CPU.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Downfall)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

US Government officials targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials

FBI warns ex-officials are targeted with deepfake texts and AI voice messages impersonating senior U.S.…

10 hours ago

Shields up US retailers. Scattered Spider threat actors can target them

Google warns that the cybercrime group Scattered Spider behind UK retailer attacks is now targeting…

13 hours ago

U.S. CISA adds Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities catalog<gwmw style="display:none;"></gwmw>

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium, DrayTek routers, and SAP NetWeaver…

19 hours ago

Pwn2Own Berlin 2025 Day Two: researcher earned 150K hacking VMware ESXi

On day two of Pwn2Own Berlin 2025, participants earned $435,000 for demonstrating zero-day in SharePoint,…

1 day ago

New botnet HTTPBot targets gaming and tech industries with surgical attacks

New botnet HTTPBot is targeting China's gaming, tech, and education sectors, cybersecurity researchers warn. NSFOCUS …

1 day ago

Meta plans to train AI on EU user data from May 27 without consent

Meta plans to train AI on EU user data from May 27 without consent; privacy…

2 days ago