Solution to hardware flaw in Intel CPUs may cause large performance hit

Share post:

A hardware flaw in Intel Core and Xeon CPUs lets attackers steal data from other users on the same system, including on servers that use Intel’s SGX memory protections, according to a Google researcher.

According to SC Magazine, Daniel Moghimi told the Black Hat 2023 security conference this week that the vulnerability, dubbed “Downfall”, endangers data running on virtual machines or in containers in shared environments, such as in most cloud-computing deployments, as well as on personal computers with multiple users. The flaw is also known as CVE-2022-40982.

A malicious app obtained from an app store could use the Downfall attack to steal sensitive information like passwords, encryption keys, and private data such as banking details, personal emails, and messages, Moghimi wrote on the Downfall information website. Similarly, he said, in cloud computing environments, a malicious customer could exploit the Downfall vulnerability to steal data and credentials from other customers who share the same cloud computer.

The vulnerability is caused by memory optimization features in Intel processors that unintentionally reveal internal hardware registers to software. This allows untrusted software to access data stored by other programs, which should not normally be accessible.

Computing devices based on Intel Core processors from the 6th generation Skylake — released in 2014 — to the 11th generation Tiger Lake are affected, the website says.

“It took me two weeks to develop an end-to-end attack stealing encryption keys from OpenSSL,”  Moghimi said. “It only requires the attacker and victim to share the same physical processor core, which frequently happens on modern-day computers, implementing preemptive multitasking and simultaneous multithreading.”

Intel is releasing a microcode update that blocks transient results of the exploit Moghimi created. However, the information site says, according to Intel some workloads may experience up to a 50 per cent performance hit.

The post Solution to hardware flaw in Intel CPUs may cause large performance hit first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

Cyber Security Today, May 20, 2024 -Ransomware gang claims it hit a Canadian internet provider

A ransomware gang claims it hit a Canadian internet provider. Welcome to Cyber Security Today. It's Monday May 20th,...

Cyber Security Today, Week in Review for week ending Friday May 17, 2024

Welcome to Cyber Security Today. This is the Week in Review for the week ending Friday, May 17th,...

Cyber Security Today, May 17, 2024 – Malware hiding in Apache Tomcat servers

Malware hiding in Apache Tomcat servers, new backdoors found, and more Welcome to Cyber Security Today. It's Friday, May...

MIT students exploit blockchain vulnerability to steal 25 million dollars

Two MIT students have been implicated in a highly sophisticated cryptocurrency heist, where they reportedly exploited a vulnerability...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways