Google researchers recently reported a vulnerability in Intel CPUs that enables a new side-channel attack called “Downfall”. The attack, which leaks data, seems to be a predecessor to the previously discovered Meltdown and Fallout flaws. Following the report, Intel released a microcode firmware update to fix the vulnerability.
Downfall Attack Threatens Intel CPUs
Security researcher Daniel Moghimi shared insights about a severe vulnerability affecting Intel CPUs. Exploiting this vulnerability enabled Moghimi to devise a new side-channel attack, “Downfall”, that triggers a data leak.
The vulnerability, CVE-2022-40982, affects the Intel CPUs’ microarchitecture, causing information disclosure to an authenticated adversary. The flaw exists in the memory optimization features exposing internal vector register files during speculative execution.
Executing this attack requires using the Gather instruction; hence the researcher devised two techniques, Gather Data Sampling (GDS) and Gather Value Injection (GVI), to demonstrate the exploit.
Detecting the Downfall attack is theoretically possible if a detection system scans hardware performance counters for anomalies such as cache misses. However, most existing antivirus software cannot detect Downfall attacks.
On the other hand, executing this attack is “highly practical” for an adversary sharing the same physical processor core. The attacker may deploy malware to execute this attack and steal sensitive data, such as passwords and encryption keys.
The researcher has shared a detailed technical analysis of the vulnerability and the Downfall attack in a separate research paper. Users may also visit the dedicated web page created for this attack to learn more about Downfall, and find the PoC on GitHub.
Intel Released A Fix
The Downfall attack affects a large number of Intel processors, making various computers and laptops vulnerable globally. Moghimi explained that the vulnerability has existed since 2014 but remained under the radar. Specifically, the vulnerability impacts Intel Core processors from the 6th generation (Skylake) through the 11th generation (Tiger Lake).
Following the researcher’s report in August 2022, Intel worked on developing a fix for the flaw. Consequently, a year after the initial disclosure, the tech giant released a patch with the latest firmware updates for all devices, alongside sharing a detailed list of vulnerable CPUs, urging users to update their systems. Besides, Intel has also published a detailed security guide in this regard.
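To confirm on a Linux host that the microcode fix described above is actually in effect, the kernel's own report of the Gather Data Sampling status can be read and classified. The script below is an added example, not code from Intel or the researcher; it assumes a Linux kernel that exposes the `gather_data_sampling` entry under sysfs, and the function names and verdict tokens are hypothetical.

```shell
#!/bin/sh
# Added example: report the kernel's view of the GDS (Downfall) mitigation.
GDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/gather_data_sampling

# Map the kernel's status string to a short verdict token (tokens are hypothetical).
classify_gds() {
    case "$1" in
        "Not affected"*)             echo NOT_AFFECTED ;;
        "Mitigation: Microcode"*)    echo MITIGATED ;;       # also matches "(locked)"
        "Mitigation: AVX disabled"*) echo AVX_DISABLED ;;    # no microcode; kernel turned AVX off
        "Vulnerable: No microcode"*) echo NEEDS_MICROCODE ;;
        "Vulnerable"*)               echo MITIGATION_OFF ;;  # mitigation disabled
        "Unknown"*)                  echo UNKNOWN_GUEST ;;   # VM: depends on the hypervisor
        "")                          echo NO_REPORT ;;       # kernel predates GDS reporting
        *)                           echo UNRECOGNISED ;;
    esac
}

# Succeed if a kernel command line switches the GDS mitigation off.
cmdline_disables_gds() {
    for arg in $1; do
        case "$arg" in
            gather_data_sampling=off|mitigations=off) return 0 ;;
        esac
    done
    return 1
}

# Read the live host state; a missing sysfs entry is treated as "no report".
check_host() {
    status=""
    [ -r "$GDS_SYSFS" ] && status=$(cat "$GDS_SYSFS")
    verdict=$(classify_gds "$status")
    echo "GDS status: ${status:-<not reported>} -> $verdict"
    if [ -r /proc/cmdline ] && cmdline_disables_gds "$(cat /proc/cmdline)"; then
        echo "warning: mitigation disabled on the kernel command line"
    fi
    return 0
}

check_host
```

A `NEEDS_MICROCODE` or `NO_REPORT` verdict on an affected CPU means the firmware or kernel update has not yet been applied.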