Intel processors exposed to "Downfall" vulnerability: encryption keys can be stolen


Today, a senior research scientist at Google devised a new CPU attack method that exploits a vulnerability affecting multiple Intel microprocessor families. It allows theft of passwords, encryption keys, and private data such as emails, messages or banking information from users who share the same computer.

The vulnerability, tracked as CVE-2022-40982, is a transient execution side-channel issue that affects all processors based on Intel microarchitectures from Skylake through Ice Lake.

An attacker could exploit this security flaw to extract sensitive information protected by Software Guard Extensions (SGX). SGX is Intel's hardware-based memory encryption technology that separates code and data in memory from software on the system.

SGX is currently only supported on server central processing units and provides a trusted isolation environment for software that is inaccessible to even the operating system.

Collect secret data

Google researcher Daniel Moghimi, who discovered the flaw and reported it to Intel, said his Downfall attack technique exploits the gather instruction to "expose the contents of an internal vector register file during speculative execution."

Gather is part of Intel processor memory optimization and is used to accelerate access to scattered data in memory. However, as Moghimi explains in a technical paper published today: "The gather instruction appears to use a temporary buffer shared across peer CPU threads, which temporarily forwards data to later dependent instructions, where the data belongs to a different process and run gather execution on the same core."

Moghimi developed two attack techniques: Gather Data Sampling (GDS) and Gather Value Injection (GVI), which combines GDS with the Load Value Injection (LVI) technique disclosed in 2020.

Using GDS, Moghimi was able to steal AES 128-bit and 256-bit encryption keys from a virtual machine (VM) separate from the one he controlled, with each VM running on a sibling thread of the same CPU core.

The researchers were able to steal 8 bytes at a time in 10 seconds, eventually recovering the AES round keys and combining them to break the encryption. Across 100 different keys, the first run of the attack succeeded 100% of the time against AES-128 and 86% of the time against AES-256.

The researchers noted that a failed attempt means recovering the entire key requires multiple runs of the attack, because the master key's data does not appear frequently within 10 seconds.

In addition to encryption keys, Moghimi also provides a variant of the GDS attack that can steal arbitrary data at rest because in both cases the CPU prefetches this information into SIMD register buffers.

Threat assessment and microcode performance impact

Moghimi noted that Downfall attacks require the attacker and the victim to be on the same physical processor core. However, it is possible for local programs such as malware to exploit this vulnerability to steal sensitive information.

Intel discovered the Downfall/GDS vulnerability last August, worked with Moghimi to research it, and is currently providing a microcode update to mitigate the issue.

Details about the vulnerability were kept secret for nearly a year to give original equipment manufacturers (OEMs) and communications service providers (CSPs) time to test and validate solutions and prepare necessary updates for their customers.

Intel told BleepingComputer that the issue does not affect Alder Lake, Raptor Lake, and Sapphire Rapids. Downfall affects the following three processor series:

  • Skylake series (Skylake, Cascade Lake, Cooper Lake, Amber Lake, Kaby Lake, Coffee Lake, Whiskey Lake, Comet Lake)
  • Tiger Lake series
  • Ice Lake series (Ice Lake, Rocket Lake)

Vivek Tiwari, vice president of remediation and response engineering at Intel, believes that trying to exploit this outside of a controlled lab environment will be a complex endeavor.

Intel said in a statement to BleepingComputer that customers can review the risk assessment guidance provided by the company and may decide to disable the microcode mitigation through the mechanisms available in Windows, Linux, and virtual machine managers (VMMs).

This decision may be made due to concerns about performance issues that Downfall/GDS mitigation measures may cause, or it may be because the issue does not pose a threat to the environment.
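Because the mitigation can be switched off, it is worth confirming what state a given Linux host is actually in. The script below is an added example, not code from Intel, Moghimi or the article; the sysfs paths, status strings and boot parameters are those documented by the Linux kernel and do not appear on this page, and the function names and verdict labels are made up for illustration.

```shell
#!/bin/sh
# Added example: report a Linux host's Downfall/GDS (CVE-2022-40982) state.
# Paths, status strings and boot parameters are from the Linux kernel docs.
GDS_FILE=/sys/devices/system/cpu/vulnerabilities/gather_data_sampling
SMT_FILE=/sys/devices/system/cpu/smt/active

# Map the kernel's status string to a short verdict (labels are hypothetical).
classify_gds() {
    case "$1" in
        "Not affected"*)             echo "not-affected" ;;
        "Mitigation: Microcode"*)    echo "mitigated" ;;          # incl. "(locked)"
        "Mitigation: AVX disabled"*) echo "mitigated-avx-off" ;;  # no microcode, AVX off
        "Vulnerable: No microcode"*) echo "needs-microcode" ;;
        "Vulnerable"*)               echo "mitigation-disabled" ;;
        "Unknown"*)                  echo "ask-hypervisor" ;;     # guest cannot tell
        "")                          echo "not-reported" ;;       # kernel predates GDS reporting
        *)                           echo "unrecognized" ;;
    esac
}

# Succeeds when the boot command line in $1 switches the GDS mitigation off.
cmdline_disables_gds() {
    for arg in $1; do
        case "$arg" in
            gather_data_sampling=off|mitigations=off) return 0 ;;
        esac
    done
    return 1
}

# $1 = status string, $2 = contents of smt/active ("1" means SMT is on).
# An unmitigated host with SMT on also exposes data across sibling threads.
assess_gds() {
    verdict=$(classify_gds "$1")
    case "$verdict" in
        needs-microcode|mitigation-disabled)
            if [ "$2" = "1" ]; then verdict="$verdict,smt-on"; fi ;;
    esac
    echo "$verdict"
}

status=$(cat "$GDS_FILE" 2>/dev/null || true)
smt=$(cat "$SMT_FILE" 2>/dev/null || echo unknown)
echo "GDS: ${status:-<no sysfs entry>} -> $(assess_gds "$status" "$smt")"
if cmdline_disables_gds "$(cat /proc/cmdline 2>/dev/null || true)"; then
    echo "note: boot parameters turn the GDS mitigation off"
fi
```

A "not-reported" verdict means the running kernel has no GDS entry at all, so the host's exposure has to be judged from its CPU model and microcode revision instead.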

Intel provided customers with threat assessment and performance analysis information, concluding that the impact of this issue may be minimal in some environments. There is a potential impact in situations where gather instructions are executed frequently, which is unique to high-performance computing (HPC) environments.

However, the chipmaker said the issue may not be considered a threat in high-performance computing environments due to the conditions of the attack and the typical configuration of these environments.

For example, the attacker would need to be running on the same physical core as the target and be able to run untrusted code, etc., which are not common in these environments.

Software-based mitigations

To eliminate the risk of Downfall/GDS attacks, hardware needs to be redesigned. While software-based alternatives exist, these come with caveats and only provide a temporary solution to the problem. Moghimi proposes four such alternatives, three of which have significant disadvantages:

  • Disable simultaneous multithreading (SMT). This partially mitigates GDS and GVI attacks, but cutting hyperthreading incurs a 30% performance penalty, and leaks across context switches still occur.
  • Have the operating system and compiler disallow the affected instructions so that they cannot leak secrets to gather. The disadvantage is that some applications may be disrupted, and leaks can still occur if certain instructions are missed.
  • Disable gather. The disadvantage is that applications using this instruction may become sluggish or even crash.
  • Prevent transient data forwarding after a gather instruction by adding a load fence, such as the lfence instruction. This mitigates Downfall and is also the solution adopted by Intel in the latest microcode update.

However, Moghimi said creating such tools won't be easy because they require better coverage of the hardware and supported instructions, a challenging task given the hardware's complexity and proprietary hurdles.

The researcher released Downfall's code so that others could review and try it out. In addition, Daniel Moghimi also plans to discuss Downfall vulnerabilities and attack techniques at the Black Hat Security Conference in the United States.

Intel has issued a security advisory for CVE-2022-40982, which currently has a severity level of 6.5. Based on this vulnerability, the company also provided a technical document and an interview with Moghimi about Downfall.


Origin blog.csdn.net/FreeBuf_/article/details/132215992