Collide+Power, Downfall, and Inception: New Side-Channel Attacks Affecting Modern CPUs
10.8.23 Attack The Hacker News
Cybersecurity researchers have disclosed details of a trio of side-channel attacks that could be exploited to leak sensitive data from modern CPUs.
Called Collide+Power (CVE-2023-20583), Downfall (CVE-2022-40982), and Inception (CVE-2023-20569), the novel methods follow the disclosure of another newly discovered security vulnerability affecting AMD's Zen 2 architecture-based processors known as Zenbleed (CVE-2023-20593).
"Downfall attacks target a critical weakness found in billions of modern processors used in personal and cloud computers," Daniel Moghimi, senior research scientist at Google, said. "This vulnerability [...] enables a user to access and steal data from other users who share the same computer."
In a hypothetical attack scenario, a malicious app installed on a device could weaponize the method to steal sensitive information like passwords and encryption keys, effectively undermining Intel's Software Guard eXtensions (SGX) protections.
The problem is rooted in the memory optimization features introduced by Intel in its processors, specifically those with AVX2 and AVX-512 instruction sets, thereby causing untrusted software to get past isolation barriers and access data stored by other programs.
This, in turn, is achieved by means of two transient execution attack techniques called Gather Data Sampling (GDS) and Gather Value Injection (GVI), the latter of which combines GDS with Load Value Injection (LVI).
"[Downfall and Zenbleed] allow an attacker to violate the software-hardware boundary established in modern processors," Tavis Ormandy and Moghimi noted. "This could allow an attacker to access data in internal hardware registers that hold information belonging to other users of the system (both across different virtual machines and different processes)."
Intel described Downfall (aka GDS) as a medium severity flaw that could result in information disclosure. It's also releasing a microcode update to mitigate the problem, although there is a possibility of a 50% performance reduction. The full list of affected models is available here.
"While this attack would be very complex to pull off outside of such controlled conditions, affected platforms have an available mitigation via a microcode update," the company told The Hacker News in a statement. "Recent Intel processors, including Alder Lake, Raptor Lake, and Sapphire Rapids, are not affected."
"Many customers, after reviewing Intel's risk assessment guidance, may determine to disable the mitigation via switches made available through Windows and Linux operating systems as well as VMMs. In public cloud environments, customers should check with their provider on the feasibility of these switches."
If anything, the discovery of Downfall underscores the need for balancing security and performance optimization demands.
"Optimization features that are supposed to make computation faster are closely related to security and can introduce new vulnerabilities, if not implemented properly," Ormandy and Moghimi said. In a related development, the chipmaker also moved to address a number of flaws, including a privilege escalation bug in the BIOS firmware for some Intel(R) Processors (CVE-2022-44611) that arises as a result of improper input validation. "A remote attacker that is positioned within Bluetooth proximity to the victim device can corrupt BIOS memory by sending malformed [Human Interface Device] Report structures," NCC Group security researcher Jeremy Boone said. Coinciding with Downfall is Inception, a transient execution attack that leaks arbitrary kernel memory on all AMD Zen CPUs, including the latest Zen 4 processors, at a rate of 39 bytes/s. "As in the movie of the same name, Inception plants an 'idea' in the CPU while it is in a sense 'dreaming,' to make it take wrong actions based on supposedly self conceived experiences," ETH Zurich researchers said. "Using this approach, Inception hijacks the transient control-flow of return instructions on all AMD Zen CPUs." The approach is an amalgamation of Phantom speculation (CVE-2022-23825) and Training in Transient Execution (TTE), allowing for information disclosure along the lines of branch prediction-based attacks like Spectre-V2 and Retbleed. "Inception makes the CPU believe that a XOR instruction is a recursive call instruction which overflows the return stack buffer with an attacker-controlled target," the researchers explained. AMD, besides providing microcode patches and other mitigations, said the vulnerability is "only potentially exploitable locally, such as via downloaded malware, and recommends customers employ security best practices, including running up-to-date software and malware detection tools." It's worth noting that a fix for CVE-2022-23825 was rolled out by Microsoft as part of its July 2022 Patch Tuesday updates. CVE-2023-20569 has been addressed in the Windows maker's August 2023 Security Updates. Rounding off the side-channel attacks is an unconventional software-based method dubbed Collide+Power, which works against devices powered by all processors and could be abused to leak arbitrary data across programs as well as from any security domain at a rate of up to 188.80 bits/h. "The root of the problem is that shared CPU components, like the internal memory system, combine attacker data and data from any other application, resulting in a combined leakage signal in the power consumption," a group of academics from the Graz University of Technology and CISPA Helmholtz Center for Information Security said. "Thus, knowing its own data, the attacker can determine the exact data values used in other applications." In other words, the idea is to force a collision between attacker-controlled data, via malware planted on the targeted device, and the secret information associated with a victim program in the shared CPU cache memory. "The leakage rates of Collide+Power are relatively low with the current state-of-the-art, and it is highly unlikely to be a target of a Collide+Power attack as an end-user," the researchers pointed out. "Since Collide+Power is a technique independent of the power-related signal, possible mitigations must be deployed at a hardware level to prevent the exploited data collisions or at a software or hardware level to prevent an attacker from observing the power-related signal."