October 3, 2023

Researchers have disclosed about the details of a new side-channel attack targeting Intel processors named Downfall.

The vulnerability tracked as CVE-2022-40982, Like other CPU attack methods, Downfall can be used by a local attacker or malware to gain access to sensitive information, such as passwords and encryption keys of targeted devices’ users. This attack can be conducted in cloud environments, allowing an attacker to steal data from other users on the same cloud computer.

The vulnerability is caused by memory optimization features in Intel processors, which inadvertently reveal internal hardware registers to software. This unintended exposure enables untrusted software to access data stored by other programs, which would not normally be accessible.


The vulnerability is specifically related to the Gather instruction, which is designed to speed up memory access. During speculative execution, this instruction leaks the content of the internal vector register file. Researcher used the Gather Data Sampling (GDS) and Gather Value Injection (GVI) techniques to exploit this vulnerability.

These findings were reported to Intel a year ago and a PoC also created so that the exploit can steal encryption keys from OpenSSL using the GDS method. While remote attacks via a web browser are theoretically possible, further research is needed to demonstrate such an attack.

In response to the vulnerability, Intel has released a security advisory rated as medium severity. The company is providing firmware updates and an optional software sequence to mitigate the potential risk. The affected processors include Intel Xeon and Core processors released in the past decade, as well as the Intel SGX hardware security feature.

This disclosure comes shortly after Google researchers discovered Zenbleed, an AMD Zen 2 processor vulnerability, and ETH Zurich researchers disclosed the details of Inception, an attack that leaks potentially sensitive data from any part of the memory in a device powered by an AMD Zen processor.

Leave a Reply

%d bloggers like this: