Downfall bug - implications

17th August 2023

What is it?

Downfall is a bug that affects the CPUs (processors) of computers used across the world.

The researcher that discovered the bug describes it this way:

Downfall attacks target a critical weakness found in billions of modern processors used in personal and cloud computers. This vulnerability, identified as CVE-2022-40982, enables a user to access and steal data from other users who share the same computer.

It is classed as a medium-severity bug, which generally means it can be addressed by platform and computer owners once they apply the relevant patch from the computer vendor.

Why does it matter?

Intel processors are in computers across the world. This bug also affects the less common AMD processor.

It is interesting, and probably a little concerning, because a central trait of the bug is that, in theory, it allows one user of a computer to access information belonging to another user of that same computer.

That's a big potential issue in the cloud environment, where many businesses and individuals use the same computer belonging to their provider. Clouds are essentially computers joined together and shared between many users.

Ars Technica have a good piece on this here:   

"Also known as CVE-2022-40982, the Downfall bug exploits a flaw in the "Gather" instruction that affected Intel CPUs use to grab information from multiple places in a system's memory. According to Google security researcher Daniel Moghimi, the bug causes the CPU to "unintentionally reveal internal hardware registers to software," which "allows untrusted software to access data stored by other programs." Moghimi's proof-of-concept shows Downfall being used to steal encryption keys from other users on a given server, as well as other kinds of data."

What we've done in Tibus

We have checked the CPUs of various parts of our infra and mostly these are not impacted when compared with Intel's CPU list here: Affected Processors: Transient Execution Attacks & Related Security... (intel.com).

We are liaising closely with specialist vendor advice in VMware and Dell and will evaluate their mitigation instructions. We don't envisage a security issue within our estate but clearly vendor mitigation will be followed for our customers' cloud platforms.

What about for clients?

Do seek advice from your provider. It will be worth you evaluating your user-device estate too - these Downfall vulnerabilities apply to PCs and laptops. Feel free to contact us for advice on BIOS updates.  
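For the Linux machines in an estate review like the one described above, the kernel itself reports Downfall status under Intel's name for the issue, Gather Data Sampling (GDS). The script below is an added example, not Tibus's own tooling; the function names and the action labels (OK, PATCH, ASK_PROVIDER, UPDATE_KERNEL, REVIEW) are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: report a Linux host's Downfall (Gather Data Sampling) status.
# GDS_FILE is the kernel's sysfs reporting path; override it when testing.
GDS_FILE="${GDS_FILE:-/sys/devices/system/cpu/vulnerabilities/gather_data_sampling}"

# Map the kernel's status string to a follow-up action (labels are illustrative).
classify_gds() {
    case "$1" in
        "Not affected")                      echo "OK" ;;
        "Mitigation: Microcode"*)            echo "OK" ;;
        # AVX has been switched off as a stop-gap; microcode is still missing.
        "Mitigation: AVX disabled"*)         echo "PATCH" ;;
        # Covers "Vulnerable" and "Vulnerable: No microcode".
        "Vulnerable"*)                       echo "PATCH" ;;
        # Guest VM: the answer depends on the host, so ask the provider.
        "Unknown: Dependent on hypervisor"*) echo "ASK_PROVIDER" ;;
        # No sysfs entry: the kernel predates GDS reporting, update and re-check.
        "")                                  echo "UPDATE_KERNEL" ;;
        *)                                   echo "REVIEW" ;;
    esac
}

# Print the status line, or nothing when the file is absent or unreadable.
read_gds() {
    [ -r "$1" ] && cat "$1"
    return 0
}

# Emit one tab-separated line: hostname, kernel status, action.
gds_report() {
    status=$(read_gds "${1:-$GDS_FILE}")
    action=$(classify_gds "$status")
    printf '%s\t%s\t%s\n' "$(uname -n)" "${status:-<no gds entry>}" "$action"
}

gds_report
```

Hosts that come back as PATCH need the vendor's BIOS or microcode update; hosts that come back as ASK_PROVIDER are virtual machines whose exposure is decided by the underlying platform.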

Further resources