Downfall Flaw: New Data Vulnerability in Intel’s Chips

The 'Downfall' Vulnerability Unveiled in Intel Chips

Intel has recently addressed a processor vulnerability called "Downfall", which affects several chip models produced from 2015 onwards.

This vulnerability could potentially allow unauthorized users to bypass system protections and access private data on shared computers. Notably, Intel's latest generation processors remain unaffected.

What is the Downfall Vulnerability?

The vulnerability, identified as CVE-2022-40982 and discovered by Google researcher Daniel Moghimi, lies in the processor's handling of an instruction known as "Gather", which is used to fetch data scattered across memory more quickly.

Intel has named the flaw "Gather Data Sampling", after the method Moghimi developed to exploit this vulnerability.

The vulnerability is caused by memory optimization features in Intel processors that unintentionally reveal internal hardware registers to software. This allows untrusted software to access data stored by other programs, which should normally not be accessible. Moghimi discovered that the Gather instruction, meant to speed up access to scattered data in memory, leaks the content of the internal vector register file during speculative execution.

“Memory operations to access data that is scattered in memory are very useful and make things faster, but whenever things are faster there’s some type of optimization—something the designers do to make it faster,” Moghimi says. “Based on my past experience working on these types of vulnerabilities, I had an intuition that there could be some kind of information leak with this instruction.”

Which Intel Processors are Affected?

The vulnerability affects the Skylake chip family, which Intel produced from 2015 to 2019; the Tiger Lake family, which debuted in 2020 and will discontinue early next year; and the Ice Lake family, which debuted in 2019 and was largely discontinued in 2021. 

Intel's current generation chips—including those in the Alder Lake, Raptor Lake, and Sapphire Rapids families—are not affected because attempts to exploit the vulnerability would be blocked by defenses Intel has added recently.

Should Users be Concerned?

Intel maintains that executing Downfall attacks in real-world scenarios would be "complex". To demonstrate the vulnerability, Moghimi introduced two techniques: Gather Data Sampling (GDS) and Gather Value Injection (GVI).

The research paper nevertheless suggests that skilled attackers with enough motivation and resources could exploit the vulnerability. An attacker could target high-value credentials such as passwords and encryption keys; recovering such credentials can enable further attacks that violate the availability and integrity of computers, in addition to their confidentiality.

Fixes and Future Implications

Intel's upcoming fixes come with an option to disable them, keeping in mind potential performance impacts on specific enterprise workloads. However, Intel clarified that most users wouldn’t notice any significant decline in performance.

Rolling out these fixes isn't straightforward. Manufacturers using the affected chips must integrate Intel's microcode update into their own tailored patches, which end users can then download.

While Intel has streamlined this intricate process over the years, there is always a lag between vulnerability discovery and the issuance of fixes. Moghimi underscored the need for swifter response times in the hardware industry, given the vulnerability was disclosed to Intel a year ago.
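Because the mitigation ships as microcode that the kernel enables (and can be told to disable), a defender's first question after patching is whether the fix is actually active on a given host. The following script is an added example, not part of the article or of Intel's or Moghimi's material: it reads the status string that recent Linux kernels expose for this flaw at /sys/devices/system/cpu/vulnerabilities/gather_data_sampling (the file name and status strings are those documented by the kernel; the classification words "mitigated", "vulnerable", "unaffected" and "unknown" are this script's own, and the optional path argument exists only so saved output can be checked without the real file).

```sh
#!/bin/sh
# Added example: report the Linux kernel's view of the Gather Data Sampling
# (Downfall, CVE-2022-40982) mitigation on this host. Kernels that know about
# the flaw publish one status line at the sysfs path below.

GDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/gather_data_sampling

# Map a kernel status string to one of: mitigated | vulnerable | unaffected | unknown.
# Patterns follow the strings the kernel documents for this file.
classify_gds_status() {
    case "$1" in
        "Not affected")            echo unaffected ;;
        "Mitigation: Microcode"*)  echo mitigated ;;   # also "Mitigation: Microcode (locked)"
        "Vulnerable"*)             echo vulnerable ;;  # also "Vulnerable: No microcode"
        *)                         echo unknown ;;     # e.g. "Unknown: Dependent on hypervisor status"
    esac
}

# Read the sysfs file, or a substitute path (used for testing on saved output).
# A kernel too old to have the file cannot report or apply the mitigation.
read_gds_status() {
    f="${1:-$GDS_SYSFS}"
    if [ -r "$f" ]; then
        cat "$f"
    else
        echo "file-missing"
    fi
}

# Operator guidance for each class.
gds_advice() {
    case "$1" in
        mitigated)  echo "GDS mitigation active; confirm it was not turned off with gather_data_sampling=off on the kernel command line." ;;
        vulnerable) echo "No GDS mitigation; apply the vendor BIOS/firmware or distro microcode update and a patched kernel." ;;
        unaffected) echo "CPU reported as not affected by GDS." ;;
        *)          echo "Status unknown; check kernel version, hypervisor exposure and microcode revision." ;;
    esac
}

# Full report: raw kernel string, classification, and advice.
gds_report() {
    status=$(read_gds_status "${1:-}")
    class=$(classify_gds_status "$status")
    echo "gather_data_sampling: $status -> $class"
    gds_advice "$class"
}

gds_report "${1:-}"
```

On a patched host the first line of output reads "gather_data_sampling: Mitigation: Microcode -> mitigated"; on a machine that received a kernel update but no microcode it reads "Vulnerable: No microcode -> vulnerable", which is exactly the half-applied state the article's description of the OEM patch pipeline warns about. The kernel's `gather_data_sampling=off` boot parameter is the documented way to take the optional performance trade-off Intel mentions, so a "mitigated" result should be read alongside the current command line.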

“Over the past few years, the process with Intel has improved, but broadly in the hardware industry, we need agility in how we address and respond to these kinds of issues,” Moghimi says.

“Companies need to be able to respond faster and speed up the process of issuing firmware fixes, microcode fixes because waiting one year is a big window when anyone else could find and exploit this,” he added.

Moghimi also notes that it is difficult to detect Downfall attacks because they mostly manifest as benign software activity. He adds, though, that it might be possible to develop a detection system that monitors hardware behavior for signs of abuse like unusual cache activity.


As the tech community digests the implications of Downfall, there's a silver lining. These episodes reiterate the need for continuous vigilance and innovation in the world of processors, benefiting users and the industry in the long run. Other manufacturers, even if unaffected directly by this flaw, can take cues to enhance verification and safeguard against potential vulnerabilities.

You can read the research paper written by Moghimi about the "Downfall" flaw.
