Downfall Intel CPU side-channel attack exposes sensitive data

Google researcher Daniel Moghimi devised a new side-channel attack technique, named Downfall, against Intel CPU.

Google researcher Daniel Moghimi devised a new side-channel attack technique Intel CPU, named Downfall, that relies on a flaw tracked as CVE-2022-40982.

An attacker can exploit this vulnerability to access and steal data from other users who share the same systems. Malware can carry out a Downfall attack to steal sensitive information like passwords, encryption keys, and private data such as banking details, personal emails, and messages.

The attack could be more dangerous in cloud computing environments because the attacker could exploit the Downfall issue to steal sensitive data from other customers who share the same cloud computer.

“The vulnerability is caused by memory optimization features in Intel processors that unintentionally reveal internal hardware registers to software. This allows untrusted software to access data stored by other programs, which should not be normally be accessible.” wrote Moghimi. “I discovered that the Gather instruction, meant to speed up accessing scattered data in memory, leaks the content of the internal vector register file during speculative execution. To exploit this vulnerability, I introduced Gather Data Sampling (GDS) and Gather Value Injection (GVI) techniques.”

The researcher believes GDS is highly practical attack, he explained that was able to develop an end-to-end attack stealing encryption keys from OpenSSL in just two weeks. In the attack scenario devised by the expert, the attacker and victim share the same physical processor core, a circumstance which is frequent, implementing preemptive multitasking and simultaneous multithreading.

The vulnerability impacts Intel Xeon and Core processors released, the Intel SGX security feature is also impacted.

The flaw could theoretically be remotely exploited from the web browser, but demonstrating successful attacks “via web browsers requires additional research and engineering efforts.”

Intel informed customers that is releasing firmware updates to address the vulnerability.

“A potential security vulnerability in some Intel® Processors may allow information disclosure. Intel is releasing firmware updates and an optional software sequence to mitigate this potential vulnerability.” reads the advisory published by the chip maker.

Recently, researchers at ETH Zurich devised a new transient execution attack called Inception that can expose privileged secrets and data using unprivileged processes on all AMD Zen CPU.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Downfall)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.