Downfall: Intel CPUs attacked, data leakage from other processes

Vulnerability in Intel Processors Allows Data Leakage, Researchers Warn

Researcher Daniel Moghimi from Google, in collaboration with the University of California, San Diego, has discovered a new vulnerability in Intel processors. The vulnerability, named Downfall, stems from the speculative execution of instructions in the processor and allows attackers to determine the contents of vector registers previously used by other processes. The attack technique has been dubbed Gather Data Sampling (GDS).

The vulnerability (CVE-2022-40982) poses a serious risk, as it enables unprivileged attackers to leak data from other processes, the system kernel, Intel SGX enclaves, and virtual machines. The vector registers that can be read are commonly used in encryption, memory-copying, and string-processing functions; for instance, the glibc functions memcpy, strcmp, and strlen rely on these registers for data processing. Exploiting this vulnerability could therefore result in the leakage of encryption keys, confidential data, and user passwords.

As a demonstration of the potential impact, proof-of-concept exploits have been published that extract cryptographic keys from other processes, leak data copied with memcpy in the Linux kernel, and recover characters left behind in vector registers after other processes have run. The vulnerability could allow attackers to determine the AES keys used for data encryption in other users' processes, even when the OpenSSL library is employed.

Experiments conducted during the research showed that the exploitation method is highly efficient: in a test with 100 keys, 100% of AES-128 keys and 86% of AES-256 keys were recovered within 10 seconds. The vulnerability could also be leveraged in cloud systems to access data processed in other virtual machines. Furthermore, there is a possibility of exploiting the
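A defender-side check to go with the risk described above, added here and not part of the article: it reads the Gather Data Sampling mitigation state that the Linux kernel reports under sysfs and classifies it. The sysfs path and the status strings are the kernel's own (from its hardware-vulnerability documentation), not taken from this article; the classification labels are this example's.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's reported GDS (CVE-2022-40982)
# mitigation state. Node and status strings are from the kernel's
# Documentation/admin-guide/hw-vuln/gather_data_sampling.rst, not the article.
GDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/gather_data_sampling

# gds_classify STATUS -> prints one of: ok, partial, vulnerable, unknown
gds_classify() {
  case "$1" in
    "Not affected"|"Mitigation: Microcode"|"Mitigation: Microcode (locked)")
      # Either the CPU is unaffected or the microcode mitigation is active.
      echo ok ;;
    "Mitigation: AVX disabled, no microcode")
      # Kernel fallback without microcode: gather cannot leak because AVX is
      # turned off, at the cost of AVX for every workload on the host.
      echo partial ;;
    Vulnerable*)
      # "Vulnerable" (mitigation disabled) or "Vulnerable: No microcode".
      echo vulnerable ;;
    *)
      # e.g. "Unknown: Dependent on hypervisor status" inside a guest.
      echo unknown ;;
  esac
}

# gds_check: read the live node; returns 0 only when the state classifies as ok
gds_check() {
  if [ ! -r "$GDS_SYSFS" ]; then
    echo "kernel does not report GDS status (kernel predates the mitigation?)" >&2
    return 1
  fi
  status=$(cat "$GDS_SYSFS")
  class=$(gds_classify "$status")
  echo "$status -> $class"
  [ "$class" = ok ]
}

gds_check
```

Inside a virtual machine the kernel can only report "Unknown", so the host's microcode level has to be verified separately.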
