New Side-Channel Attacks Impacting Modern CPUs: Collide+Power, Downfall, and Inception

August 9, 2023

Cybersecurity researchers have unveiled three new side-channel attacks that could potentially compromise modern Central Processing Units (CPUs) and leak sensitive information. The attacks, named Collide+Power (CVE-2023-20583), Downfall (CVE-2022-40982), and Inception (CVE-2023-20569), follow the discovery of a fresh security vulnerability affecting AMD's Zen 2 architecture-based processors, known as Zenbleed (CVE-2023-20593).

Daniel Moghimi, a senior research scientist at Google, explained that Downfall attacks exploit a critical weakness present in billions of modern processors used in personal and cloud computers. This vulnerability allows a user to access and steal data from other users sharing the same computer. In a potential attack scenario, a malicious app installed on a device could employ this method to steal sensitive data such as passwords and encryption keys, effectively bypassing Intel's Software Guard eXtensions (SGX) protections.

The issue originates from the memory optimization features implemented by Intel in its processors, particularly those with the AVX2 and AVX-512 instruction sets. These features allow untrusted software to circumvent isolation barriers and access data stored by other programs. The data theft is accomplished through two transient execution attack techniques, Gather Data Sampling (GDS) and Gather Value Injection (GVI), the latter combining GDS with Load Value Injection (LVI).

Intel has categorized Downfall (also known as GDS) as a medium severity flaw that could lead to information disclosure. The company is releasing a microcode update to address the issue, although it may result in a 50% performance reduction.

In related news, the chipmaker is also working to fix a number of flaws, including a privilege escalation bug in the BIOS firmware for some Intel(R) Processors (CVE-2022-44611) that arises from improper input validation. A remote attacker within Bluetooth proximity to the victim device can corrupt BIOS memory by sending malformed Human Interface Device Report structures, according to Jeremy Boone, a security researcher at NCC Group.

Concurrently, there's Inception, a transient execution attack that leaks arbitrary kernel memory on all AMD Zen CPUs, including the latest Zen 4 processors. Inception manipulates the transient control-flow of return instructions on all AMD Zen CPUs, combining Phantom speculation (CVE-2022-23825) and Training in Transient Execution (TTE) to allow for information disclosure similar to branch prediction-based attacks like Spectre-V2 and Retbleed. AMD has provided microcode patches and other mitigations, stating that the vulnerability is only potentially exploitable locally, such as via downloaded malware, and recommends customers employ security best practices, including running up-to-date software and malware detection tools.

The final side-channel attack is an unusual software-based method named Collide+Power, which could be used to leak arbitrary data across programs and from any security domain. This problem arises from shared CPU components, like the internal memory system, combining attacker data and data from any other application, resulting in a combined leakage signal in the power consumption. Mitigations must be deployed at a hardware level to prevent the exploited data collisions or at a software or hardware level to prevent an attacker from observing the power-related signal.
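Since the Downfall and Inception fixes above ship as microcode and kernel mitigations, the practical defender question is whether a given Linux host reports them as applied. The script below is an added example, not part of the original article: it reads the two sysfs entries Linux (6.5 and later) exposes for these issues, `gather_data_sampling` for Downfall and `spec_rstack_overflow` for Inception, classifies each status line, and returns non-zero if any entry is still vulnerable. The directory is a parameter so it can also be run against a constructed sample tree; the sample status strings are constructed for the demo.

```shell
#!/bin/sh
# Added example: report Linux's mitigation status for Downfall (GDS) and
# Inception (SRSO). Real path: /sys/devices/system/cpu/vulnerabilities/

# classify_status "<status line>" -> vulnerable | mitigated | not_affected | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# check_cpu_vulns <sysfs-dir>: prints "<entry> <class> <raw status>" per entry
# and returns 1 if any entry is classified vulnerable, 0 otherwise.
check_cpu_vulns() {
    dir="$1"
    rc=0
    for name in gather_data_sampling spec_rstack_overflow; do
        f="$dir/$name"
        if [ -r "$f" ]; then
            raw=$(cat "$f")
        else
            # Older kernels have no entry at all; treat as not reported.
            raw="(entry missing: kernel does not report this issue)"
        fi
        class=$(classify_status "$raw")
        [ "$class" = vulnerable ] && rc=1
        printf '%-22s %-13s %s\n' "$name" "$class" "$raw"
    done
    return $rc
}

# Constructed sample tree for offline demonstration (values are made up in the
# kernel's "Mitigation: ..." / "Vulnerable: ..." format): Downfall patched,
# Inception still awaiting microcode.
make_sample_tree() {
    d=$(mktemp -d)
    printf 'Mitigation: Microcode\n' > "$d/gather_data_sampling"
    printf 'Vulnerable: Safe RET, no microcode\n' > "$d/spec_rstack_overflow"
    echo "$d"
}

# Live check on the local host (Linux 6.5+ only):
# check_cpu_vulns /sys/devices/system/cpu/vulnerabilities
```

The script does not cover Collide+Power, for which no kernel-reported status exists in the article; that issue is described as needing hardware-level changes or blocking access to the power signal.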
