This issue may be referred to as “Downfall” or CVE-2022-40982, which is its identifier in the public database of disclosed vulnerabilities.
Intel “Downfall” (as it was named by the person who discovered it) is a security flaw present in Intel processors from 6th Gen Skylake through 11th Gen Elkhart Lake. This vulnerability allows a user on a shared machine to access data belonging to other users on that machine. It can be used to acquire user data, including passwords and encryption keys. Firmware updates can fix it, but they come with a potential impact on performance.
- CPUs Impacted: 6th Gen Skylake through 11th Gen Elkhart Lake Core, Celeron, Pentium and Xeon.
- Timeline: Discovered and reported to Intel on August 24th, 2022; publicly disclosed only on August 8th, 2023, to give Intel time to create and distribute fixes.
- How Systems are impacted: Direct (local) access to the affected device is required to exploit this vulnerability. Cloud-based systems widen the exposure, because remote customers sharing the same physical hardware can affect one another:
- “This vulnerability, identified as CVE-2022-40982, enables a user to access and steal data from other users who share the same computer. For instance, a malicious app obtained from an app store could use the Downfall attack to steal sensitive information like passwords, encryption keys, and private data such as banking details, personal emails, and messages. Similarly, in cloud computing environments, a malicious customer could exploit the Downfall vulnerability to steal data and credentials from other customers who share the same cloud computer.” (source)
- The bug causes the CPU to “unintentionally reveal internal hardware registers to software,” which “allows untrusted software to access data stored by other programs.” Moghimi’s proof-of-concept shows Downfall being used to steal encryption keys from other users on a given server, as well as other kinds of data. ~Daniel Moghimi, Google security expert who discovered the issue (source)
- Intel Recommended Action: Update firmware on affected systems.
- For systems that use Intel’s Software Guard Extensions (SGX) memory encryption, Intel’s microcode fix must be loaded via firmware; for systems without SGX, the new microcode fix can be loaded via firmware or at the OS level. (source)
- Performance impact of recommended action: “When the mitigation is enabled, there is additional latency before results of the gather load can be consumed. Although the performance impact to most workloads is minimal, specific workloads may show performance impacts of up to 50%. Depending on their threat model, customers can decide to opt-out of the mitigation.” (source)
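The recommended action above (load the microcode via firmware, or at the OS level where SGX is not in use, and optionally opt out) leaves an administrator with one practical question: is the mitigation actually active on this host? The following script is an added example, not from the original page or from Intel. It is Linux-specific and assumes the sysfs file `/sys/devices/system/cpu/vulnerabilities/gather_data_sampling` and the status strings the kernel documents for Gather Data Sampling (the kernel's name for Downfall); the short classification labels (`ok`, `action-needed`, `opted-out`, `check-host`, `unknown`) are this script's own invention. The `gather_data_sampling=off` boot parameter referenced in the output is the documented kernel switch that corresponds to the opt-out Intel describes.

```shell
#!/bin/sh
# Added example (not part of the original page): report the Linux kernel's view of the
# Downfall / Gather Data Sampling (GDS) mitigation on this host.
# Real sysfs path and status strings from the kernel's hw-vuln documentation;
# the classification labels printed by classify_gds_status are this script's own.

GDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/gather_data_sampling

# classify_gds_status STATUS_STRING
# Maps a kernel status line to one of: ok, action-needed, opted-out, check-host, unknown
classify_gds_status() {
    case "$1" in
        "Not affected")                 echo ok ;;
        "Mitigation: Microcode"*)       echo ok ;;            # also matches "Mitigation: Microcode (locked)"
        "Vulnerable: No microcode")     echo action-needed ;; # CPU affected, mitigating microcode not loaded
        "Vulnerable")                   echo opted-out ;;     # microcode could mitigate, mitigation disabled
        "Unknown: Dependent on hypervisor status") echo check-host ;;  # we are a guest; host decides
        *)                              echo unknown ;;
    esac
}

# read_gds_status: print the sysfs line, or "absent" if this kernel does not expose it
read_gds_status() {
    if [ -r "$GDS_SYSFS" ]; then
        cat "$GDS_SYSFS"
    else
        echo absent
    fi
}

# gds_report: human-readable summary plus the suggested next step for each state
gds_report() {
    status=$(read_gds_status)
    class=$(classify_gds_status "$status")
    echo "gather_data_sampling: $status"
    case "$class" in
        ok)            echo "Mitigated or not affected; no action needed." ;;
        action-needed) echo "Vulnerable and no mitigating microcode loaded: apply the firmware/BIOS update (required on SGX systems) or the OS microcode package." ;;
        opted-out)     echo "Microcode can mitigate but the mitigation is disabled; check the kernel command line for gather_data_sampling=off." ;;
        check-host)    echo "Running as a guest: mitigation status depends on the hypervisor; confirm with the cloud/host operator." ;;
        *)             echo "Kernel does not report GDS status (kernel predates the GDS mitigation, or not x86); verify the microcode revision with the vendor." ;;
    esac
}

# Print the report when run directly; set GDS_NO_AUTORUN=1 to only load the functions.
[ "${GDS_NO_AUTORUN:-0}" = 1 ] || gds_report
```

Run it as root or any user (the sysfs file is world-readable) after applying the update and again after a reboot: an OS-level microcode load shows `Mitigation: Microcode` immediately, while a firmware-only update on an SGX system only takes effect once the new BIOS/UEFI image is installed and the machine is restarted. The `(locked)` variant means the microcode has fixed the mitigation on and the opt-out is no longer possible.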