• Intel CPU Attack: Downfall CVE-2022-40982

    #2578694

    https://www.bleepingcomputer.com/news/security/new-downfall-attacks-on-intel-cpus-steal-encryption-keys-data/

    https://downfall.page/

    [Q] How long have users been exposed to this vulnerability?
    [A] At least nine years. The affected processors have been around since 2014.
    [Q] How long was this vulnerability under embargo?
    [A] Almost one year. I reported this vulnerability to Intel August 24, 2022.

    https://www.wired.com/story/downfall-flaw-intel-chips/

    Windows 10 22H2 desktops & laptops on Dell, HP, ASUS; No servers, no domain.

    • This topic was modified 1 year, 9 months ago by windbg.
    5 users thanked author for this post.
    • #2578697

      Noticed this has been gathering momentum across the web over the last few days.
      Ties in with the CVE number 2022-40982 (year 2022 prefix) associated with the vuln. It reminds me of a Spectre side-channel but worse if you have any of those CPUs.

      No chance of RMA from Intel either, a 30% reduction in hyperthreading as a performance consequence of the many mitigations.

      Windows - commercial by definition and now function...
    • #2578833

      Does this mean Windows 12 will lock out anything older than a 12th gen Intel, considering they used Meltdown/Spectre as a reason to lock out older CPUs?

      1 user thanked author for this post.
    • #2578834

      Does this mean Windows 12 will lock out anything older than a 12th gen Intel, considering they used Meltdown/Spectre as a reason to lock out older CPUs?

      Intriguing what versions will comply in the end, same as the AMD processors that have a different flaw… 🤔

      * _ ... _ *
      • #2578849

        But Windows 12 is “supposed” to be an in the cloud OS so it won’t matter what CPU your PC is using since the OS won’t be “installed” on it.

    • #2578841

      Isn’t this in the news now because it’s being fixed?

      Recommendations:

      Intel recommends that users of affected Intel® Processors update to the latest version firmware provided by the system manufacturer that addresses these issues.

      2023.3 IPU – Intel® Processor Advisory

      “an attacker would need to be running on the same physical core as the target and be able to run untrusted code”

      “trying to exploit this outside of a controlled lab environment would be a complex undertaking.”

    • #2578857

      Note that Google has already patched its cloud servers for Downfall:
      https://cloud.google.com/support/bulletins#gcp-2023-024
      Amazon’s cloud was ready for this vulnerability disclosure too:
      https://aws.amazon.com/security/security-bulletins/AWS-2023-007/

      Windows 10 22H2 desktops & laptops on Dell, HP, ASUS; No servers, no domain.

    • #2578886

      Are Macs affected by that scary Intel ‘Downfall’ vulnerability?

      Years of Macs use affected processors, but it’s unclear if they are subject to the attack or not.

      ..Are any Macs affected?

      At this point, it’s unclear whether Macs are affected. Nearly every Mac from the Skylake generation onward (starting in late 2015) that has an Intel CPU inside uses a processor that is on Intel’s list of affected products. If you have an Intel-based Mac from 2016 or later (or the iMac released in late 2015), your CPU is almost certainly affected.

      But Macs are sort of unique. Intel Macs used custom motherboards and firmware, some even have the T2 processor that manages a lot of stuff. It doesn’t seem as though any of this would necessarily prevent an attack using the Downfall vulnerability, but it’s hard to know until we get confirmation from Apple. We’ve reached out for clarification and will update this article if someone responds…

    • #2578887

      Isn’t this in the news now because it’s being fixed?
      update to the latest version firmware provided by the system manufacturer that addresses these issues.

      No, it is not being fixed. No PC manufacturer will release BIOS firmware for 6-year-old unsupported PCs.

      • #2578894

        0patch for a resident memory mitigation may be a feasible avenue for the unsupported CPUs affected where manufacturers refuse to issue a BIOS/firmware update.

        Windows - commercial by definition and now function...
        1 user thanked author for this post.
    • #2578985

      For AMD CPUs it’s ‘Inception’

      CVE-2023-20569

      Summary

      AMD has received an external report titled ‘INCEPTION’, describing a new speculative side channel attack. The attack can result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. This attack is similar to previous branch prediction-based attacks like Spectrev2 and Branch Type Confusion (BTC)/RetBleed. As with similar attacks, speculation is constrained within the current address space and to exploit, an attacker must have knowledge of the address space and control of sufficient registers at the time of RET (return from procedure) speculation. Hence, AMD believes this vulnerability is only potentially exploitable locally, such as via downloaded malware, and recommends customers employ security best practices, including running up-to-date software and malware detection tools.

      AMD is not aware of any exploit of ‘Inception’ outside the research environment at this time…

      https://arstechnica.com/information-technology/2023/08/data-leaking-downfall-bug-affects-six-generations-of-intel-pc-and-server-cpus/

    • #2579005

      It sounds to me that the only secure CPU is one that doesn’t perform speculative execution. But it would also be significantly slower.

    • #2579006

      It sounds to me that the only secure CPU is one that doesn’t perform speculative execution. But it would also be significantly slower.

      The only secure CPU is Apple Silicon.

    • #2580050

      I hope I am entering this question appropriately. As an ordinary user, with two laptops affected by this Intel Downfall vulnerability, I just need to know how to fix this. These are Acer laptops and I don’t see anything on the ACER website about this and I am not comfortable updating the BIOS, etc. I find this very confusing. Any help is appreciated. Thanks.

      • #2580079

        One interpretation of this security vulnerability is ordinary users have little to worry about. Cloud vendors and enterprises using affected processors should patch.

        My main system is no longer being maintained by the manufacturer and won’t be patched. Running unpatched for this will have no bearing on when I choose to upgrade to a better system.

        Windows 10 22H2 desktops & laptops on Dell, HP, ASUS; No servers, no domain.

        2 users thanked author for this post.
      • #2580080

        If you are a home user the attacker is not going to use this to go after you.

        Susan Bradley Patch Lady/Prudent patcher

        6 users thanked author for this post.
    • #2580094

      If you are a home user the attacker is not going to use this to go after you.

      Maybe. But the chance of your PC manufacturer updating your 6-year-old PC BIOS is non-existent.

      2 users thanked author for this post.
      • #2580128

        I agree. But this is a datacenter worry, not home user worry. The attack sequence is “trying to exploit this outside of a controlled lab environment would be a complex undertaking.”

        Susan Bradley Patch Lady/Prudent patcher

        3 users thanked author for this post.
    • #2582976

      Microsoft, Intel confirm “Downfall” of 7th, 8th, 9th, 10th, 11th Gen CPUs, firmware out

      Intel and Microsoft have confirmed that almost all of Intel’s desktop processors, prior to 12th Gen CPUs, are vulnerable to a new Transient Execution or Speculative execution side-channel attack called Gather Data Sampling (GDS) vulnerability (codenamed “Downfall”). The new GDS flaw, dubbed “Downfall”, is tracked under CVE-2022-40982…

      https://support.microsoft.com/en-us/topic/kb5029778-how-to-manage-the-vulnerability-associated-with-cve-2022-40982-d461157c-0411-4a91-9fc5-9b29e0fe2782

      “Microsoft is aware of a new transient execution attack named gather data sampling (GDS) or “Downfall.” This vulnerability could be used to infer data from affected CPUs across security boundaries such as user-kernel, processes, virtual machines (VMs), and trusted execution environments.”

      https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/gather-data-sampling.html

      “Gather Data Sampling (GDS) is a transient execution side channel vulnerability affecting certain Intel processors. In some situations when a gather instruction performs certain loads from memory, it may be possible for a malicious attacker to use this type of instruction to infer stale data from previously used vector registers. These entries may correspond to registers previously used by the same thread, or by the sibling thread on the same processor core.”

      Intel has confirmed the issue is resolved by microcode update (MCU) or Intel Platform Update (IPU) version 20230808 as the mitigation is enabled by default. Hence, users with 7th Gen, up to 11th Gen Intel CPUs are advised to update their motherboard firmware.

      https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html

      1 user thanked author for this post.
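
Added example (editorial, not part of the thread or of any poster's reply): whether the microcode fix quoted above is actually in effect can be checked on Linux hosts, which the thread itself does not cover, by reading the kernel's Gather Data Sampling status file. The status strings are those documented in the kernel's hw-vuln guide; the host names, `SAMPLE` data and helper names are constructed for illustration.

```python
from pathlib import Path

# Kernel verdict file; absent on kernels that predate the GDS patches.
SYSFS_GDS = Path("/sys/devices/system/cpu/vulnerabilities/gather_data_sampling")

# Status string -> (level, action); strings per the kernel's hw-vuln GDS guide.
STATUSES = {
    "Not affected": ("ok", "CPU is not affected"),
    "Mitigation: Microcode": ("ok", "mitigated by updated microcode"),
    "Mitigation: Microcode (locked)": ("ok", "mitigated, cannot be disabled"),
    "Mitigation: AVX disabled, no microcode": ("degraded", "AVX off; microcode fix missing"),
    "Vulnerable: No microcode": ("exposed", "install firmware/microcode with the GDS fix"),
    "Vulnerable": ("exposed", "mitigation is disabled"),
    "Unknown: Dependent on hypervisor status": ("unknown", "guest cannot tell; ask the host operator"),
}
RANK = {"exposed": 0, "degraded": 1, "unknown": 2, "ok": 3}

def read_status(path=SYSFS_GDS):
    """Return the raw status line, or None if the kernel does not report GDS."""
    try:
        return path.read_text()
    except OSError:
        return None

def classify(status):
    """Map a raw status line (or None) to (level, action)."""
    if status is None:
        return ("unknown", "kernel does not report GDS; update the kernel")
    text = status.strip()
    return STATUSES.get(text, ("unknown", f"unrecognised status: {text!r}"))

def triage(reports):
    """reports: {host: status or None}. Hosts needing attention, worst first."""
    rows = [(host, *classify(status)) for host, status in reports.items()]
    return sorted((r for r in rows if r[1] != "ok"), key=lambda r: (RANK[r[1]], r[0]))

# Constructed sample fleet (hypothetical host names), not data from the thread.
SAMPLE = {
    "web-01": "Mitigation: Microcode\n",
    "db-02": "Vulnerable: No microcode\n",
    "vm-03": "Unknown: Dependent on hypervisor status\n",
    "old-04": None,
    "hpc-05": "Mitigation: AVX disabled, no microcode\n",
}

if __name__ == "__main__":
    print("this host:", classify(read_status()))
    for host, level, action in triage(SAMPLE):
        print(f"{host:8} {level:9} {action}")
```

A host reporting "Vulnerable: No microcode" is the case several posters describe: hardware whose manufacturer has not shipped firmware carrying the fix.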
    • #2583026

      Intel has confirmed the issue is resolved by microcode update (MCU) or Intel Platform Update (IPU) version 20230808 as the mitigation is enabled by default. Hence, users with 7th Gen, up to 11th Gen Intel CPUs are advised to update their motherboard firmware.

      https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html


      @Alex5723, You really know how to make my day, Snifff
      So the word is out and we have to buy a Gen.12+ processor qualified system.

      * _ ... _ *
    • #2583095

      So the word is out and we have to buy a Gen.12+ processor qualified system.

      Not if you are a home user.
      Enterprises should not run old hardware.

      Anyway, OEM won’t issue firmware updates for unsupported PCs.

      1 user thanked author for this post.
    • #2584176

      https://support.microsoft.com/en-us/topic/kb5029778-how-to-manage-the-vulnerability-associated-with-cve-2022-40982-d461157c-0411-4a91-9fc5-9b29e0fe2782

      …To mitigate the vulnerability associated with CVE-2023-40982, install the Intel Platform Update (IPU) 23.3 microcode update. Typically, you need to obtain this update from your original equipment manufacturer (OEM). For a list of OEMs, see System Manufacturers. No further action to mitigate the vulnerability is required.

      Disable the mitigation

      If you do not consider GDS to be part of your threat model, you might choose to turn off (disable) the mitigation in a bare-metal environment.

      Note Disabling the mitigation when Hyper-V (Virtualization) is enabled is not in scope of this current implementation.

      To disable the GDS mitigation in Windows, you must have the following installed, as appropriate for your environment:

      On supported Windows 10 and Windows 11 environments, you must have installed the Windows update dated on or after August 22, 2023.

      On supported Windows Server environments, you must have installed the Windows update dated on or after September 12, 2023.

      After the appropriate Windows update is installed, you must set the following feature flag in the registry:…

    • #2585535

      Microsoft have removed the option to disable this:

      https://support.microsoft.com/en-us/topic/kb5029778-how-to-manage-the-vulnerability-associated-with-cve-2022-40982-d461157c-0411-4a91-9fc5-9b29e0fe2782

      “IMPORTANT The mitigation described in this article is Enabled by default with no option to disable it. We recommend that you mitigate the vulnerability as soon as possible.”

      1 user thanked author for this post.