Collide+Power, Downfall, and Inception: New Side-Channel Attacks Affecting Modern CPUs

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,298
Cybersecurity researchers have disclosed details of a trio of side-channel attacks that could be exploited to leak sensitive data from modern CPUs.

Called Collide+Power (CVE-2023-20583), Downfall (CVE-2022-40982), and Inception (CVE-2023-20569), the novel methods follow the disclosure of another newly discovered security vulnerability affecting AMD's Zen 2 architecture-based processors known as Zenbleed (CVE-2023-20593).

"Downfall attacks target a critical weakness found in billions of modern processors used in personal and cloud computers," Daniel Moghimi, senior research scientist at Google, said. "This vulnerability [...] enables a user to access and steal data from other users who share the same computer."
"[Downfall and Zenbleed] allow an attacker to violate the software-hardware boundary established in modern processors," Tavis Ormandy and Moghimi noted. "This could allow an attacker to access data in internal hardware registers that hold information belonging to other users of the system (both across different virtual machines and different processes)."
 

vtqhtr413

Level 26
Verified
Top Poster
Well-known
Aug 17, 2017
1,526

It's like a nesting doll of security flaws​

AMD processor users, you have another data-leaking vulnerability to deal with: like Zenbleed, this latest hole can be to steal sensitive data from a running vulnerable machine.… The flaw (CVE-2023-20569), dubbed Inception in reference to the Christopher Nolan flick about manipulating a person's dreams to achieve a desired outcome in the real world, was disclosed by ETH Zurich academics this week. And yes, it's another speculative-execution-based side-channel that malware or a rogue logged-in user can abuse to obtain passwords, secrets, and other data that should be off limits.
 

[correlate]

Level 18
Top Poster
Well-known
May 4, 2019
800
Spectre is a critical CPU vulnerability that was first disclosed in 2018. It exploits the architecture of modern microprocessors, including those developed by Intel, AMD, and Arm. Spectre is a speculative execution vulnerability, which targets a fundamental optimization technique used by processors to improve performance. Speculative execution allows processors to predict and execute upcoming instructions, which can speed up overall performance by executing tasks before they are actually needed. However, Spectre exploits the speculative execution process to leak sensitive data from a computer's memory, potentially exposing highly confidential information such as passwords, encryption keys, and other sensitive data.
 

vtqhtr413

Level 26
Verified
Top Poster
Well-known
Aug 17, 2017
1,526
Microsoft published a support article about the recently disclosed CVE-2022-40982 vulnerability, commonly referred to as Downfall, that affects Windows devices. The vulnerability was disclosed earlier this month. It affects several Intel processor versions and all supported versions of Windows 10, Windows 11 and Windows Server versions 2019 and 2022. Microsoft provides guidance about the security issue in the support document KB5029778. There, the company explains how system administrators may install protections against potential exploits and how to disable the protections.

Successful exploitation of the vulnerability could "be used to infer data from affected CPUs across security boundaries such as user-kernel, processes, virtual machines (VMs), and trusted execution environments". Administrators need to install the Intel Platform Update 23.3 microcode update to mitigate the vulnerability. The update is usually supplied by the original equipment manufacturer and Microsoft recommends contacting the manufacturer for information on obtaining and installing the update. A list of companies and links to driver and software download websites are available on the Intel website.

Intel's latest products are not affected by the vulnerability, including Alder Lake, Raptor Lake and Sapphire Rapids.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top