Cutting-edge research in cybersecurity has unveiled a series of side-channel attacks with potential to expose sensitive data from the latest CPUs.
Termed as Collide+Power (CVE-2023-20583), Downfall (CVE-2022-40982), and Inception (CVE-2023-20569), these groundbreaking techniques emerge on the heels of another vulnerability spotlighting AMD’s Zen 2 architecture processors, branded as Zenbleed (CVE-2023-20593).
“Billions of contemporary processors in personal and cloud-based systems have a latent weakness exploited by Downfall attacks,” expressed Daniel Moghimi, a top-tier research scientist at Google. “This weakness permits unauthorized users to siphon data from co-users on a shared machine.”
Conceivably, a rogue application on a machine can leverage these methods, thereby jeopardizing confidential components such as encryption keys and passwords, rendering Intel’s Software Guard eXtensions (SGX) redundant.
At the heart of this issue are the memory optimization facets spearheaded by Intel in its chipsets, especially those incorporating AVX2 and AVX-512 instructions. This inadvertently lets dubious software breach protective barriers, accessing data safeguarded by distinct programs.
As Tavis Ormandy and Moghimi highlighted, “[Downfall and Zenbleed] breach the protective layer between software and hardware in contemporary processors, granting unauthorized users access to critical internal hardware data, which could span across various virtual environments and processes.”
Intel, in its response, classified Downfall (aka GDS) as a medium-level threat potentially leading to data exposure. To counter this, it plans to roll out a microcode patch, albeit potentially halving performance. A comprehensive list of affected models is accessible here.
Striking a balance between optimizing performance and ensuring security remains a pivotal challenge. “Performance-boosting features, when not implemented judiciously, can inadvertently pave the way for new security threats,” Ormandy and Moghimi observed.
Parallelly, Intel has initiated steps to rectify multiple vulnerabilities, one of which is a privilege escalation glitch rooted in the BIOS firmware for select Intel(R) Processors (CVE-2022-44611) resulting from inadequate input validation.
Joining the threat landscape is Inception, a technique with the capability to expose arbitrary kernel data across all AMD Zen CPUs, inclusive of the Zen 4 models.
Leveraging a blend of Phantom speculation (CVE-2022-23825) and Training in Transient Execution (TTE), Inception can disclose information akin to the methods employed in attacks like Spectre-V2 and Retbleed.
Last in this series but equally potent is the software-driven Collide+Power attack. Applicable to all CPUs, this method poses a risk of leaking arbitrary data between applications and any security domain.
Researchers from prominent institutions like the Graz University of Technology and CISPA Helmholtz Center for Information Security emphasized, “Shared CPU components, such as the internal memory system, amalgamate attacker and non-attacker data, leading to a fused leakage signal evident in power consumption.”
In essence, the attack is engineered to cause a clash between malware-induced data and confidential data of a victim application stored in the CPU cache memory. The solution, as the experts suggest, lies in hardware and software level interventions that either inhibit these data clashes or bar the attacker from accessing the power signals.