Imagining a future of universal access. Maybe a fair playing field of complete insecurity is more likely than the opposite.

https://www.pcworld.com/article/2025589/downfall-serious-security-vulnerabil...

UPDATED

# Intel ‘Downfall’: Severe flaw in billions of CPUs leaks passwords and much more

There is a serious security flaw in billions of Intel CPUs that can let attackers steal confidential data like passwords and encryption keys. Firmware updates can fix it, but at a potential significant performance loss.

By Hans-Christian Dirscherl
Editor, PCWorld
AUG 12, 2023 7:00 AM PDT

Well this is bad. “Downfall” is the name Daniel Moghimi, a security expert at Google, has given to a new vulnerability he has discovered in several generations of Intel processors. Attackers can exploit the vulnerability and read data from other programs and memory areas.

The vulnerability has already been reported as CVE-2022-40982[1] and Intel confirmed the flaw here[2]. Moghimi reported the vulnerability to Intel on August 24, 2022, but only made the vulnerability public on August 9, 2023 so that Intel had time to release microcode updates that can fix the vulnerability.

Update: Intel’s Downfall was closely followed by AMD’s Inception, a newfound security hole affecting all Ryzen and Epyc processors. The first independent testing of the mitigation microcode patches show that it can drastically lower performance in certain workloads. We’ve included details throughout this post.

## Intel’s ‘Downfall’ flaw is serious

Moghimi explains the vulnerability in detail on a dedicated Downfall website[3], including some examples. According to him, billions of Intel processors are affected, which are used in private user computers as well as in cloud servers. The expert describes the possible consequences of the gap as follows:

“This vulnerability, identified as CVE-2022-40982, enables a user to access and steal data from other users who share the same computer.
For instance, a malicious app obtained from an app store could use the Downfall attack to steal sensitive information like passwords, encryption keys, and private data such as banking details, personal emails, and messages. Similarly, in cloud computing environments, a malicious customer could exploit the Downfall vulnerability to steal data and credentials from other customers who share the same cloud computer.”

Daniel Moghimi

## How the Intel Downfall vulnerability works

While you should check out Moghimi’s Downfall page for more detailed information, here’s a high-level description of the bug:

“The vulnerability is caused by memory optimization features in Intel processors that unintentionally reveal internal hardware registers to software. This allows untrusted software to access data stored by other programs, which should not normally be accessible.”

Daniel Moghimi

## How to protect yourself from Intel Downfall

Intel is already providing microcode updates to plug the security hole. “Intel recommends that users of affected Intel Processors update to the latest version firmware provided by the system manufacturer that addresses these issues,” the company says.

This can lead to a loss of performance of up to 50 percent under certain circumstances, however, as Moghimi warns. Intel comments on the side effects of the microcode updates here[4].

The first independent testing of the mitigation microcode, by the specialist Linux site Phoronix, showed performance losses up to 39 percent in select server and ray tracing workloads. There’s an opt-out mechanism available to avoid applying the patch, but Intel claims most consumer software shouldn’t see much impact, outside of image and video editing workloads.

## Which Intel processors are affected?

Both consumer and server processors from Intel show the gap.
For consumers, all PCs or laptops with Intel Core processors of the 6th “Skylake” generation up to and including the 11th-gen “Tiger Lake” chips contain the vulnerability. This means that the vulnerability has existed since at least 2015, when Skylake was released.

Intel’s corresponding Xeon processors are also at risk to Downfall. Due to Intel’s dominant position in server processors, virtually every internet user could be affected, at least indirectly.

Intel has published a list of all affected processors here[5]. You can read a detailed technical analysis by the Google security expert in this English-language PDF[6].

Intel’s newer 12th-gen and 13th-gen Core processors are not affected.

[Here the article contains an AI search box with example questions regarding the vulnerability.]

The Downfall vulnerability now discovered is reminiscent of the legendary Meltdown and Spectre[7] vulnerabilities from 2018.

Update: Intel’s Downfall was closely followed by AMD’s Inception: Many Ryzen CPUs from Intel’s archrival also have a serious security hole[8] that allows attackers to spy on third-party data. It is classified as CVE-2023-20569[9] and was discovered by scientists from ETH Zurich. Detailed information about this AMD vulnerability can be found on this website[10].

[ Here are some further links regarding Inception from [10]:

Although TTE attacks are interesting, they are not necessarily trivial to pull off, due to the need for specific gadgets in the victim code. Instead of these hard-to-find gadgets, what if there was an easier way to achieve a transient window for training? This is where Phantom speculation comes in. Phantom (CVE-2022-23825[11]) enables an attacker to create a transient window at arbitrary instructions. Suddenly, a seemingly harmless XOR instruction can behave like a call instruction, and allow the attacker to create a transient window.
…

A paper[12] about Inception is going to be presented at USENIX Security 2023[13] and a paper[14] about Phantom speculation is going to be presented at MICRO 2023[15]. You can find the source code of Inception on our Github[16]. We will publish the source code of Phantom at a later date. ]

According to the researchers, all Zen processors are affected. This means all Ryzen and Epyc CPUs released by AMD over the years contain the Inception security vulnerability.

AMD recommends installing microcode updates. Microsoft distributed a Windows update in July that closes this gap.

“AMD believes this vulnerability is only potentially exploitable locally, such as via downloaded malware, and recommends customers employ security best practices, including running up-to-date software and malware detection tools,” AMD says.

This article was translated from German to English and originally appeared on pcwelt.de. It originally published on August 9, 2023, but was updated to mention AMD’s Inception bug and the first independent performance testing of the mitigation microcode.

[ Here are more links regarding Downfall from [3]:

[Q] How can I learn more about Downfall?
[A] In addition to the technical paper[6], I am presenting Downfall at the BlackHat USA on August 9th, 2023[17] and USENIX Security Symposium on August 11, 2023[18].

[Q] Can I play with Downfall?
[A] Here is the code: https://github.com/flowyroll/downfall/tree/main/POC[19]

[Q] Why is this called Downfall?
[A] Downfall defeats fundamental security boundaries in most computers and is a successor to previous data leaking vulnerabilities in CPUs including Meltdown[20] and Fallout (AKA MDS)[21]. In this trilogy, Downfall defeats all previous mitigations once again.

[Q] How did you create the logo?
[A] I used the DALL·E 2 AI[22] system to create the logo. ]

1: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40982
2: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00...
3: https://downfall.page/
4: https://www.intel.com/content/www/us/en/developer/articles/technical/softwar...
5: https://www.intel.com/content/www/us/en/developer/topic-technology/software-...
6: https://downfall.page/media/downfall.pdf [attached]
7: https://www.pcworld.com/article/407763/intel-x86-cpu-kernel-bug-faq-how-it-a...
8: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html
9: https://nvd.nist.gov/vuln/detail/CVE-2023-20569
10: https://comsec.ethz.ch/research/microarch/inception/
11: https://www.cve.org/CVERecord?id=CVE-2022-23825
12: https://comsec.ethz.ch/wp-content/files/inception_sec23.pdf [attached]
13: Link was broken, found from websearch, event already passed: https://www.usenix.org/conference/usenixsecurity23
14: https://comsec.ethz.ch/wp-content/files/phantom_micro23.pdf [attached]
15: Toronto, CA https://microarch.org/micro56/
16: https://github.com/comsec-group/inception
17: https://www.blackhat.com/us-23/briefings/schedule/
18: https://www.usenix.org/conference/usenixsecurity23/presentation/moghimi
19: https://github.com/flowyroll/downfall/tree/main/POC
20: https://meltdownattack.com/
21: https://mdsattacks.com/
22: https://openai.com/dall-e-2