“Downfall” bug affects years of Intel CPUs, can leak encryption keys and more


An 8th-generation Intel Core desktop CPU, one of several CPU generations affected by the Downfall bug.

Mark Walton

It's a big week for CPU security vulnerabilities. Yesterday, different security researchers published details on two different vulnerabilities, one affecting multiple generations of Intel processors and another affecting the newest AMD CPUs. "Downfall" and "Inception" (respectively) are different bugs, but both involve modern processors' extensive use of speculative execution (à la the original Meltdown and Spectre bugs), both are described as being of "medium" severity, and both can be patched either with OS-level microcode updates or with firmware updates that include the fixes.

AMD and Intel have both already released OS-level microcode updates to address the two issues. Both companies have also said that they are not aware of any active in-the-wild exploits of either vulnerability. Consumer, workstation, and server CPUs are all affected, making patching particularly important for server administrators, since a shared host is where one tenant's code can read another tenant's data.

It will be up to your PC, server, or motherboard manufacturer to release firmware updates with the fixes after Intel and AMD make them available.

Intel’s Downfall

A DALL-E 2-generated logo for the "Downfall" CPU vulnerability.

Daniel Moghimi/DALL-E 2

We'll cover the Downfall bug first, since it affects a wider swath of processors.

Also known as CVE-2022-40982, the Downfall bug exploits a flaw in the "Gather" instruction that affected Intel CPUs use to grab data from multiple places in a system's memory. Intel's own name for the issue is Gather Data Sampling (GDS); the Gather instructions are the AVX2 and AVX-512 vector loads that pull elements from several non-contiguous addresses in a single operation. According to Google security researcher Daniel Moghimi, the bug causes the CPU to "unintentionally reveal internal hardware registers to software," which "allows untrusted software to access data stored by other programs." Moghimi's proof-of-concept shows Downfall being used to steal encryption keys from other users on a given server, as well as other kinds of data.

For systems that use Intel's Software Guard Extensions (SGX) memory encryption, Intel's microcode fix must be loaded via firmware; for systems without SGX, the new microcode fix can be loaded via firmware or at the OS level.

Moghimi has published a white paper (PDF) along with the Downfall website (and its DALL-E 2-generated logo). He says he disclosed the bug to Intel about a year ago and describes Downfall as a "successor" to earlier speculative-execution bugs like Meltdown and Fallout.

According to Intel's support pages (one for the Downfall bug itself, and one that lays out the status of multiple CVEs across Intel's CPU lineup), Downfall affects all processors based on the Skylake, Kaby Lake, Whiskey Lake, Ice Lake, Comet Lake, Coffee Lake, Rocket Lake, and Tiger Lake architectures, along with a handful of others.

For those of you who can't keep your lakes straight, that means most CPUs in Intel's 6th- through 11th-generation Core lineups for consumer PCs, sold starting in 2015 and still available in some new systems today. Downfall also affects Xeon server and workstation processors and any Pentium and Celeron processors based on those same architectures.

Not affected are Intel's newer 12th- and 13th-generation CPU architectures (aka Alder Lake and Raptor Lake), low-end CPUs in the Atom, Pentium, and Celeron families (Apollo Lake, Jasper Lake, Gemini Lake, and others), or older CPU architectures like Haswell and Broadwell (currently only officially supported in servers, but also used in 4th- and 5th-generation Core CPUs for consumer PCs).

Intel says that mitigations for Downfall can reduce performance for workloads that rely on the Gather instruction by up to 50 percent. There is "an opt-out mechanism" that can disable the fix to restore full speed (on Linux, the kernel exposes it as the gather_data_sampling=off boot parameter), though Moghimi doesn't recommend using it.

AMD’s Inception

If Downfall is a descendant of Meltdown, then Inception, also known as CVE-2023-20569 and tracked by AMD as Speculative Return Stack Overflow (SRSO), is a side-channel vulnerability descended from the Spectre bug. It's actually a combination of attacks: one that makes the CPU think it executed a misprediction, and a second that uses the "phantom speculation" trigger to "manipulate future mispredictions." More detail is available in the white paper (PDF).

The end result, according to security researchers in ETH Zürich's COMSEC group, is a vulnerability that "leaks arbitrary data" on affected Ryzen, Threadripper, and EPYC CPUs. The group published a proof-of-concept video in which they cause a CPU using AMD's newest Zen 4 architecture to leak a system's root password.

Mitigating the risk somewhat, AMD "believes this vulnerability is only potentially exploitable locally, such as via downloaded malware."

COMSEC says that the bug affects "all AMD Zen CPUs," but AMD itself says that Inception fixes are only necessary for processors using Zen 3 or Zen 4-based CPU cores. This includes Ryzen 5000- and 7000-series desktop CPUs, some Ryzen 5000- and 7000-series laptop CPUs, all Ryzen 6000-series laptop CPUs, Threadripper Pro 5000WX workstation CPUs, and 3rd- and 4th-gen EPYC server CPUs. Some AGESA firmware updates for these chips are available now, others should be available sometime between now and December of 2023, and OS-level microcode updates are available in the meantime.

If you do have an older AMD processor, Zen 2-based Ryzen chips got their own speculative-execution exploit just last month, in the form of "Zenbleed" (CVE-2023-20593). That bug can likewise be used to obtain encryption keys and other user data under specific circumstances. As with Inception, OS-level microcode fixes are already available, but AMD may similarly take a few months to release new firmware versions with the fixes included.
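The practical question behind both the Downfall mitigation notes (microcode loaded via firmware versus at the OS level, and the opt-out) and the Inception and Zenbleed update notes above is what a given Linux host has actually received. The following shell script is an added example, not code from the article, Intel, AMD, or the researchers. It reads the kernel's per-issue status files under /sys/devices/system/cpu/vulnerabilities (gather_data_sampling for Downfall and spec_rstack_overflow for Inception are the kernel's real file names on releases that carry the fixes) and the microcode revision from /proc/cpuinfo. Zenbleed has no status file of its own, so only the revision helps there. The VULN_DIR and CPUINFO overrides exist so the functions can be exercised on constructed input.

```shell
#!/bin/sh
# Added example: report the Linux kernel's view of the Downfall (GDS) and
# Inception (SRSO) mitigations. Not code from the article, Intel, AMD or the
# researchers. Status file names are the kernel's own; VULN_DIR and CPUINFO
# are overridable only so the functions can be run against constructed files.

VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"
CPUINFO="${CPUINFO:-/proc/cpuinfo}"

# read_status NAME -> the one-line status for that issue, or "missing" when
# the kernel predates the fix and has no entry for it at all.
read_status() {
    if [ -r "$VULN_DIR/$1" ]; then
        head -n 1 "$VULN_DIR/$1"
    else
        echo "missing"
    fi
}

# classify STATUS -> ok | action | unknown.
# "Mitigation: ..." means the microcode (or a software fallback) is active.
# "Vulnerable", "Vulnerable: No microcode" and "Vulnerable: no microcode"
# mean the update has not reached this host, or the administrator booted
# with the opt-out (gather_data_sampling=off) that the article mentions.
# Anything else (e.g. "Unknown: Dependent on hypervisor status") needs a
# human to look at the hypervisor, so it is neither ok nor action.
classify() {
    case "$1" in
        "Not affected"|Mitigation:*) echo "ok" ;;
        Vulnerable*)                  echo "action" ;;
        *)                            echo "unknown" ;;
    esac
}

# microcode_rev FILE -> the revision from the first "microcode : 0x..." line.
# Compare it with the revision in the vendor advisory for your CPU model; a
# lower value means neither the OS loader nor the firmware installed the fix.
microcode_rev() {
    awk -F': *' '/^microcode/ { print $2; exit }' "$1"
}

# report -> one line per issue plus the microcode revision; returns 1 when
# at least one issue is classified as needing action, 0 otherwise.
report() {
    rc=0
    for entry in gather_data_sampling:Downfall spec_rstack_overflow:Inception; do
        file="${entry%%:*}"
        name="${entry#*:}"
        status="$(read_status "$file")"
        printf '%-10s %-22s %s\n' "$name" "$file" "$status"
        if [ "$(classify "$status")" = "action" ]; then
            rc=1
        fi
    done
    printf '%-10s %-22s %s\n' "microcode" "revision" "$(microcode_rev "$CPUINFO")"
    return $rc
}

# Stand-alone run: print the table and flag any outstanding issue.
report || echo "At least one issue still needs a microcode or firmware update."
```

Run it once before and once after applying the vendor microcode or BIOS update; a Downfall line that changes from "Vulnerable: No microcode" to "Mitigation: Microcode" confirms the OS-level load worked, while an SGX system will only show the change after the firmware update, as the article notes.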
