A recent discovery by a senior research scientist at Google has unveiled a critical vulnerability named Downfall that exploits Intel CPUs, allowing threat actors to pilfer sensitive data such as passwords, encryption keys, emails, and banking information from compromised systems. The flaw, officially tracked as CVE-2022-40982, manifests as a transient execution side-channel issue, impacting a wide range of Intel microprocessor families, including Skylake through Ice Lake architectures.
This vulnerability poses a significant risk as it enables unauthorized access to information that is safeguarded by Intel’s hardware-based memory encryption, known as Software Guard eXtensions (SGX), which creates a secure enclave inaccessible even to the operating system.
The Google researcher behind this discovery, Daniel Moghimi, has meticulously demonstrated that his Downfall attack methods capitalize on the gather instruction, which leaks internal vector register file contents during speculative execution. This technique exploits a vulnerability present in memory optimizations of Intel processors, allowing attackers to gain access to data across sibling CPU threads running on the same core.
With two Downfall attack variations—Gather Data Sampling (GDS) and Gather Value Injection (GVI)—Moghimi was able to successfully pilfer AES cryptographic keys and even steal arbitrary data, alluding to the severity of the issue. Moghimi’s work emphasizes that addressing the root cause is essential to avoid further vulnerabilities being unearthed through automated testing.
Intel has responded to the Downfall vulnerability by collaborating with Moghimi on a microcode update to mitigate the risk. The vulnerability had been kept under wraps for almost a year to allow original equipment manufacturers and communication service providers to validate and implement necessary updates.
While Intel maintains that Downfall does not affect certain processor families, it still impacts a broad range of CPUs, including Skylake, Tiger Lake, and Ice Lake architectures. The chipmaker has provided both threat assessment and performance analysis to guide customers in deciding whether to implement the microcode mitigation, given potential performance impacts. As the industry grapples with the complex task of addressing the vulnerability’s root cause, the gravity of the situation calls for robust and diligent efforts to secure Intel CPUs against the potential cascade of exploits.
