Security News > 2023 > August > Downfall attacks can gather passwords, encryption keys from Intel processors

Downfall attacks can gather passwords, encryption keys from Intel processors
2023-08-09 09:59

A variety of Intel Core processors and the devices using them are vulnerable to "Downfall", a new class of attacks made possible by CVE-2022-40982, which enables attackers to access and steal sensitive data such as passwords, encryption keys, and private data from other users on the same personal or cloud computer.

" is caused by memory optimization features in Intel processors that unintentionally reveal internal hardware registers to software.

"It took me 2 weeks to develop an end-to-end attack stealing encryption keys from OpenSSL. It only requires the attacker and victim to share the same physical processor core, which frequently happens on modern-day computers, implementing preemptive multitasking and simultaneous multithreading."

Desktop computers, laptops, tablets, cloud servers and other devices using Intel Core processors from the Skylake chip family, the Tiger Lake family, and the Ice Lake family are affected.

They have now released a microcode update that blocks transient results of gather instructions and prevents attacker code from observing speculative data from the Gather instruction.

"The attack technique we demonstrated can broadly apply, even though each vendor implements Gather and SIMD register buffers differently. Our preliminary tests on AMD Zen2 showed no sign of data leaks, but we plan to continue our investigation of automated and scalable testing of other CPUs manufactured by Intel and different vendors. Intel has shared the paper with other CPU and software vendors so that those organizations can assess the impact on their products."


News URL

https://www.helpnetsecurity.com/2023/08/09/downfall-cve-2022-40982/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-08-11 CVE-2022-40982 Information Exposure Through Discrepancy vulnerability in multiple products
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
redhat xen intel debian netapp CWE-203
6.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Intel 6314 31 755 708 45 1539