A vulnerability 'Downfall' that may leak information from Intel CPUs is discovered, with a risk that confidential information such as data and passwords could be extracted



On August 8, 2023, Intel reported that a new vulnerability had been found in CPUs it sold from 2015 to 2020. Known as 'Downfall', this vulnerability is said to allow attackers to exfiltrate data and sensitive information if exploited.

INTEL-SA-00828

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html



Downfall

https://downfall.page/



'Downfall' vulnerability leaves billions of Intel CPUs at risk | CyberScoop

https://cyberscoop.com/downfall-intel-cpu-vulnerability/

Intel 'Downfall' Bug Steals Encryption Keys, Data From Years of CPUs | Tom's Hardware
https://www.tomshardware.com/news/intel-downfall-vulnerability

The Common Vulnerabilities and Exposures identifier (CVE-ID) for the vulnerability named 'Downfall' is 'CVE-2022-40982'.

The CPUs affected by Downfall are those between Intel's 6th generation CPU 'Skylake', released in 2015, and the 11th generation CPU 'Tiger Lake', released in 2020. Attackers are said to be able to steal another user's password, encryption key, and other sensitive data by exploiting Downfall.

"The vulnerability is caused by a memory optimization feature in Intel processors that unintentionally exposes internal hardware registers to software," said Daniel Moghimi, a computer security expert at the University of California, San Diego. "This allows untrustworthy software to access data stored by other programs that it would normally not be able to access. It has been confirmed that the command to convert is leaking the contents of the file."

Moghimi has released a demo video that uses Downfall to steal an AES key and view characters typed by another user. "There is always a risk that these vulnerabilities will be discovered in CPUs with memory optimization functions," Moghimi warns.



"Even if you don't own a device with an Intel CPU, Intel CPUs are used in a variety of servers, so everyone on the Internet can be affected by Downfall," Moghimi warns. "In environments with cloud computing, malicious users can exploit Downfall to steal data and sensitive information from other customers who share the same cloud computer," he said.

Intel has released microcode for Linux with mitigation measures, and recommends updating the CPU to the latest firmware as a countermeasure and mitigation for Downfall.

On the other hand, Moghimi pointed out, "This fix for Downfall does not address the root cause of the problem that the physical hardware is sharing data with other processes."
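To check whether the microcode mitigation mentioned above is active on a Linux host, the following added example (not from the article or from Intel) reads the kernel's own verdict. It assumes a kernel that reports Downfall under Intel's name for it, Gather Data Sampling (GDS), in the sysfs file shown; the function names and verdict labels are illustrative.

```shell
#!/bin/sh
# Added example: report Downfall (Gather Data Sampling, GDS) status on Linux.
# Assumption: the kernel carries the GDS patches and exposes this sysfs file.
GDS_FILE="${GDS_FILE:-/sys/devices/system/cpu/vulnerabilities/gather_data_sampling}"

# Map the kernel's status string to a short verdict.
# Order matters: the more specific "Vulnerable: ..." pattern comes first.
classify_gds() {
    case "$1" in
        "Not affected"*)              echo "not-affected" ;;
        "Mitigation: Microcode"*)     echo "mitigated" ;;        # includes "(locked)"
        "Mitigation: AVX disabled"*)  echo "avx-disabled" ;;     # fallback, microcode still missing
        "Vulnerable: No microcode"*)  echo "needs-microcode" ;;
        "Vulnerable"*)                echo "vulnerable" ;;       # mitigation switched off
        *)                            echo "unknown" ;;          # e.g. guest depends on hypervisor
    esac
}

# Read a status file. An absent file means the kernel does not report GDS
# (older kernel, or not an x86 system).
gds_status() {
    if [ -r "$1" ]; then
        classify_gds "$(cat "$1")"
    else
        echo "not-reported"
    fi
}

# Loaded microcode revision as listed in /proc/cpuinfo (x86 only).
microcode_rev() {
    f="${1:-/proc/cpuinfo}"
    [ -r "$f" ] || { echo "n/a"; return 0; }
    awk -F': *' '/^microcode/ { print $2; exit }' "$f"
}

echo "Downfall/GDS: $(gds_status "$GDS_FILE") (microcode: $(microcode_rev))"
```

A verdict of `needs-microcode` or `not-reported` after patching usually means the updated microcode has not been loaded yet or the kernel is too old to report the issue.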

An Intel spokesperson said, "We have not confirmed any information leaks due to Downfall exploits so far, but it is very difficult to detect Downfall exploits," adding, "Downfall has been around since 2014, so there is concern that attackers may have discovered and attacked it before our discovery."



Regarding Downfall, Moghimi said, "I plan to give a lecture on Downfall at Black Hat USA 2023 on August 9, 2023 and at the USENIX Security Symposium on August 11, 2023."

in Security, Posted by log1r_ut