Shulou(Shulou.com)11/24 Report--

Thanks to CTOnews.com netizens imisaka and Wu Yanzu in South China for their clue delivery! CTOnews.com, August 9, just as AMD CPU exposed Inception vulnerabilities, Google's senior research scientists also designed to discover Downfall vulnerabilities in Intel processors that can steal sensitive data, including users'e-mails, messages and bank financial passwords.

Downfall vulnerability tracking, numbered CVE-2022-40982, is a transient execution side channel vulnerability (transient execution side-channel) that affects all processors from Skylake to Ice Lake.

An attacker can exploit this vulnerability to extract sensitive information protected by Software Guard eXtensions (SGX). CTOnews.com Note: SGX is Intel's hardware-based memory encryption that can encrypt and isolate memory codes and software data on the system.

Daniel Moghimi, a Google research expert, discovered the vulnerability and promptly reported it to Intel, saying that the Downfall attack technology exploited collection instructions that "disclose the contents of internal vector register files during speculative execution."

In the demonstration, Moghimi can use Gather Data Sampling (GDS) technology to steal AES 128bit and 256bit encryption keys on a controlled virtual machine (VM).

In the test of stealing 100 keys, the first success rate of stealing AES-128 was 100%; the first success rate of stealing AES-256 was 86%.

CTOnews.com encloses the affected processor models here:

Skylake family: Skylake, Cascade Lake, Cooper Lake, Amber Lake, Kaby Lake, Coffee Lake, Whiskey Lake and Comet Lake

Tiger Lake family

Ice Lake family: Ice Lake, Rocket Lake

Vivek Tiwari, vice president of remediation and response engineering at Intel, said it would be too expensive and complex for an attacker to replicate the vulnerability outside the lab environment.

Intel subsequently issued a statement saying that customers could review the risk assessment guidelines and then decide to alleviate the problem by disabling microcode on Windows and Linux as well as on Virtual Machine Manager (VMM).

Intel provides customers with threat assessment and performance analysis information and concludes that the impact of the issue may be small in some environments.

Linus Torvalds released kernel code changes and other security patches around AMD INCEPTION and Intel DOWNFALL vulnerabilities.

This merge adds parts of the kernel around mitigating AMD's speculative return address stack (RAS) overflow vulnerability for Zen 3 and Zen 4:

Https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=138bcddb86d8a4f842e4ed6f0585abc9b1a764ff

Linus also incorporates kernel changes around Intel Gather Data Sampling (GDS) / DOWNFALL. Refer to the Intel DOWNFALL vulnerability overview for more information on this issue affecting Skylake to Ice Lake / Tigerlake processors:

Https://downfall.page/

Both AMD and Intel processors require microcode updates, which will be pushed at any time:

Https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00837.html

Https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html

Related readings:

"Inception vulnerability exposure: affects all AMD Zen processors and can disclose sensitive data"

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.