Downfall (security vulnerability)

Last updated
Downfall
CVE identifier(s) CVE- 2022-40982
Affected hardware6-11th gen Intel Core CPUs
Website https://downfall.page/

Downfall, known as Gather Data Sampling (GDS) by Intel, [1] is a computer security vulnerability found in 6th through 11th generations of consumer and 1st through 4th generations of Xeon Intel x86-64 microprocessors. [2] It is a transient execution CPU vulnerability which relies on speculative execution of Advanced Vector Extensions (AVX) instructions to reveal the content of vector registers. [3] [4]

Contents

Vulnerability

Intel's Software Guard Extensions (SGX) security subsystem is also affected by this bug. [4]

The Downfall vulnerability was discovered by the security researcher Daniel Moghimi, who publicly released information about the vulnerability in August 2023, after a year-long embargo period. [5] [6]

Intel promised microcode updates to resolve the vulnerability. [1] The microcode patches have been shown to significantly reduce the performance of some heavily-vectorized loads. [7]

Patches to mitigate the effects of the vulnerability have also been created as part of the forthcoming version 6.5 release of the Linux kernel. [8] They include code to disable the AVX extensions entirely on CPUs for which microcode mitigation is not available. [9]

Vendor responses

Related Research Articles

In processor design, microcode serves as an intermediary layer situated between the central processing unit (CPU) hardware and the programmer-visible instruction set architecture of a computer. It consists of a set of hardware-level instructions that implement higher-level machine code instructions or control internal finite-state machine sequencing in many digital processing components. While microcode is utilized in general-purpose CPUs in contemporary desktops, it also functions as a fallback path for scenarios that the faster hardwired control unit is unable to manage.

<span class="mw-page-title-main">Sandy Bridge</span> Intel processor microarchitecture

Sandy Bridge is the codename for Intel's 32 nm microarchitecture used in the second generation of the Intel Core processors. The Sandy Bridge microarchitecture is the successor to Nehalem and Westmere microarchitecture. Intel demonstrated a Sandy Bridge processor in 2009, and released first products based on the architecture in January 2011 under the Core brand.

<span class="mw-page-title-main">Skylake (microarchitecture)</span> CPU microarchitecture by Intel

Skylake is Intel's codename for its sixth generation Core microprocessor family that was launched on August 5, 2015, succeeding the Broadwell microarchitecture. Skylake is a microarchitecture redesign using the same 14 nm manufacturing process technology as its predecessor, serving as a tock in Intel's tick–tock manufacturing and design model. According to Intel, the redesign brings greater CPU and GPU performance and reduced power consumption. Skylake CPUs share their microarchitecture with Kaby Lake, Coffee Lake, Cannon Lake, Whiskey Lake, and Comet Lake CPUs.

In computer security, virtual machine escape is the process of a program breaking out of the virtual machine on which it is running and interacting with the host operating system. A virtual machine is a "completely isolated guest operating system installation within a normal host operating system". In 2008, a vulnerability in VMware discovered by Core Security Technologies made VM escape possible on VMware Workstation 6.0.2 and 5.5.4. A fully working exploit labeled Cloudburst was developed by Immunity Inc. for Immunity CANVAS. Cloudburst was presented in Black Hat USA 2009.

Transactional Synchronization Extensions (TSX), also called Transactional Synchronization Extensions New Instructions (TSX-NI), is an extension to the x86 instruction set architecture (ISA) that adds hardware transactional memory support, speeding up execution of multi-threaded software through lock elision. According to different benchmarks, TSX/TSX-NI can provide around 40% faster applications execution in specific workloads, and 4–5 times more database transactions per second (TPS).

AVX-512 are 512-bit extensions to the 256-bit Advanced Vector Extensions SIMD instructions for x86 instruction set architecture (ISA) proposed by Intel in July 2013, and first implemented in the 2016 Intel Xeon Phi x200, and then later in a number of AMD and other Intel CPUs. AVX-512 consists of multiple extensions that may be implemented independently. This policy is a departure from the historical requirement of implementing the entire instruction block. Only the core extension AVX-512F is required by all AVX-512 implementations.

<span class="mw-page-title-main">Intel Management Engine</span> Autonomous computer subsystem

The Intel Management Engine (ME), also known as the Intel Manageability Engine, is an autonomous subsystem that has been incorporated in virtually all of Intel's processor chipsets since 2008. It is located in the Platform Controller Hub of modern Intel motherboards.

Intel Software Guard Extensions (SGX) is a set of instruction codes implementing trusted execution environment that are built into some Intel central processing units (CPUs). They allow user-level and operating system code to define protected private regions of memory, called enclaves. SGX is designed to be useful for implementing secure remote computation, secure web browsing, and digital rights management (DRM). Other applications include concealment of proprietary algorithms and of encryption keys.

<span class="mw-page-title-main">Meltdown (security vulnerability)</span> Microprocessor security vulnerability

Meltdown is one of the two original transient execution CPU vulnerabilities. Meltdown affects Intel x86 microprocessors, IBM POWER processors, and some ARM-based microprocessors. It allows a rogue process to read all memory, even when it is not authorized to do so.

<span class="mw-page-title-main">Spectre (security vulnerability)</span> Processor security vulnerability

Spectre refers to one of the two original transient execution CPU vulnerabilities, which involve microarchitectural timing side-channel attacks. These affect modern microprocessors that perform branch prediction and other forms of speculation. On most processors, the speculative execution resulting from a branch misprediction may leave observable side effects that may reveal private data to attackers. For example, if the pattern of memory accesses performed by such speculative execution depends on private data, the resulting state of the data cache constitutes a side channel through which an attacker may be able to extract information about the private data using a timing attack.

Speculative Store Bypass (SSB) is the name given to a hardware security vulnerability and its exploitation that takes advantage of speculative execution in a similar way to the Meltdown and Spectre security vulnerabilities. It affects the ARM, AMD and Intel families of processors. It was discovered by researchers at Microsoft Security Response Center and Google Project Zero (GPZ). After being leaked on 3 May 2018 as part of a group of eight additional Spectre-class flaws provisionally named Spectre-NG, it was first disclosed to the public as "Variant 4" on 21 May 2018, alongside a related speculative execution vulnerability designated "Variant 3a".

Lazy FPU state leak, also referred to as Lazy FP State Restore or LazyFP, is a security vulnerability affecting Intel Core CPUs. The vulnerability is caused by a combination of flaws in the speculative execution technology present within the affected CPUs and how certain operating systems handle context switching on the floating point unit (FPU). By exploiting this vulnerability, a local process can leak the content of the FPU registers that belong to another process. This vulnerability is related to the Spectre and Meltdown vulnerabilities that were publicly disclosed in January 2018.

<span class="mw-page-title-main">Foreshadow</span> Hardware vulnerability for Intel processors

Foreshadow, known as L1 Terminal Fault (L1TF) by Intel, is a vulnerability that affects modern microprocessors that was first discovered by two independent teams of researchers in January 2018, but was first disclosed to the public on 14 August 2018. The vulnerability is a speculative execution attack on Intel processors that may result in the disclosure of sensitive information stored in personal computers and third-party clouds. There are two versions: the first version (original/Foreshadow) targets data from SGX enclaves; and the second version (next-generation/Foreshadow-NG) targets virtual machines (VMs), hypervisors (VMM), operating systems (OS) kernel memory, and System Management Mode (SMM) memory. A listing of affected Intel hardware has been posted.

Spoiler is a security vulnerability on modern computer central processing units that use speculative execution. It exploits side-effects of speculative execution to improve the efficiency of Rowhammer and other related memory and cache attacks. According to reports, all modern Intel Core CPUs are vulnerable to the attack as of 2019. AMD has stated that its processors are not vulnerable.

<span class="mw-page-title-main">Microarchitectural Data Sampling</span> CPU vulnerabilities

The Microarchitectural Data Sampling (MDS) vulnerabilities are a set of weaknesses in Intel x86 microprocessors that use hyper-threading, and leak data across protection boundaries that are architecturally supposed to be secure. The attacks exploiting the vulnerabilities have been labeled Fallout, RIDL, ZombieLoad., and ZombieLoad 2.

Transient execution CPU vulnerabilities are vulnerabilities in a computer system in which a speculative execution optimization implemented in a microprocessor is exploited to leak secret data to an unauthorized party. The archetype is Spectre, and transient execution attacks like Spectre belong to the cache-attack category, one of several categories of side-channel attacks. Since January 2018 many different cache-attack vulnerabilities have been identified.

SWAPGS, also known as Spectre variant 1, is a computer security vulnerability that utilizes the branch prediction used in modern microprocessors. Most processors use a form of speculative execution, this feature allows the processors to make educated guesses about the instructions that will most likely need to be executed in the near future. This speculation can leave traces in the cache, which attackers use to extract data using a timing attack, similar to side-channel exploitation of Spectre.

<span class="mw-page-title-main">Alder Lake</span> Intel microprocessor family

Alder Lake is Intel's codename for the 12th generation of Intel Core processors based on a hybrid architecture utilizing Golden Cove performance cores and Gracemont efficient cores. It is fabricated using Intel's Intel 7 process, previously referred to as Intel 10 nm Enhanced SuperFin (10ESF). The 10ESF has a 10%-15% boost in performance over the 10SF used in the mobile Tiger Lake processors. Intel officially announced 12th Gen Intel Core CPUs on October 27, 2021. Intel officially announced 12th Gen Intel Core mobile CPUs and non-K series desktop CPUs on January 4, 2022. Intel officially announced the launch of Alder Lake-P and -U series on February 23, 2022, and Alder Lake-HX series on May 10, 2022.

<span class="mw-page-title-main">Hertzbleed</span>

Hertzbleed is a hardware security attack which describes exploiting dynamic frequency scaling to reveal secret data. The attack is a kind of timing attack, bearing similarity to previous power analysis vulnerabilities. Hertzbleed is more dangerous than power analysis, as it can be exploited by a remote attacker. Disclosure of cryptographic keys is the main concern regarding the exploit.

Retbleed is a speculative execution attack on x86-64 and ARM processors, including some recent Intel and AMD chips. First made public in 2022, it is a variant of the Spectre vulnerability which exploits retpoline, which was a mitigation for speculative execution attacks.

References

  1. 1 2 "Gather Data Sampling / CVE-2022-40982 / INTEL-SA-00828". Intel. Retrieved 2023-08-08.
  2. "Affected Processors: Transient Execution Attacks & Related Security..." Intel. Retrieved 2023-08-16.
  3. Newman, Lily Hay. "New 'Downfall' Flaw Exposes Valuable Data in Generations of Intel Chips". Wired. ISSN   1059-1028 . Retrieved 2023-08-08.
  4. 1 2 Ilascu, Ionut (2023-08-08). "New Downfall attacks on Intel CPUs steal encryption keys, data". BleepingComputer. Retrieved 2023-08-08.
  5. Wright, Rob (2023-08-08). "Google unveils 'Downfall' attacks, vulnerability in Intel chips". Security. Retrieved 2023-08-08.
  6. Larabel, Michael (2023-08-08). "Intel DOWNFALL: New Vulnerability Affecting AVX2/AVX-512 With Big Performance Implications". www.phoronix.com. Retrieved 2023-08-08.
  7. Liu, Zhiye (2023-08-10). "Intel's Downfall Mitigations Drop Performance Up to 39%, Tests Show". Tom's Hardware. Retrieved 2023-08-11.
  8. Larabel, Michael (2023-08-08). "Linux 6.5 Patches Merged For Intel GDS/DOWNFALL, AMD INCEPTION". www.phoronix.com. Retrieved 2023-08-09.
  9. Corbet, Jonathan (August 8, 2023). "Another round of speculative-execution vulnerabilities". lwn.net. Retrieved 2023-08-11.
  10. "CVE-2022-40982 - Gather Data Sampling - Downfall". Amazon Web Services, Inc. 2023-08-08.
  11. "Citrix Hypervisor Security Bulletin for CVE-2023-20569, CVE-2023-34319 and CVE-2022-40982". support.citrix.com.
  12. "DSA-2023-180: Security Update for Intel Product Update 2023.3 Advisories | Dell US". www.dell.com.
  13. "CVE-2022-40982". security-tracker.debian.org.
  14. "Security Bulletins | Customer Care". Google Cloud.
  15. "Intel 2023.3 IPU – BIOS August 2023 Security Updates | HP® Customer Support".
  16. "INTEL-SA-00828". Intel. 2023-08-08.
  17. "Multi-vendor BIOS Security Vulnerabilities (August 2023) - Lenovo Support US". support.lenovo.com.
  18. "KB5029778: How to manage the vulnerability associated with CVE-2022-40982 - Microsoft Support". support.microsoft.com. Retrieved 2023-09-06.
  19. "QSB-093: Transient execution vulnerabilities in AMD and Intel CPUs (CVE-2023-20569/XSA-434, CVE-2022-40982/XSA-435)". Qubes OS Forum. August 9, 2023.
  20. "cve-details". access.redhat.com.
  21. "Intel Platform Update (IPU) Update 2023.3, August 2023 | Supermicro". www.supermicro.com.
  22. "CVE-2022-40982". Ubuntu.
  23. https://blogs.vmware.com/security/2023/08/cve-2022-40982.html
  24. "oss-sec: Xen Security Advisory 435 v1 (CVE-2022-40982) - x86/Intel: Gather Data Sampling". seclists.org.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.