Intel Downfall Security Flaw Affecting Older Chips Discovered by Researcher, Chipmaker Rolls Out Fixes

Downfall has impacted users for at least nine years as the affected chips date back to 2014, according to the security researcher who discovered the flaw.

Written by David Delima, Edited by Siddharth Suvarna | Updated: 9 August 2023 17:42 IST

Intel Downfall Security Flaw Affecting Older Chips Discovered by Researcher, Chipmaker Rolls Out Fixes

Photo Credit: Reuters

Downfall can also bypass fixes previously issued by Intel for older flaws like Meltdown

Highlights

Intel has issued security fixes for a flaw affecting its older CPUs
The Downfall vulnerability affects chips that are up to nine years old
Intel revealed details about the security flaws on August 8

Intel processors are affected by Downfall, a security flaw that can allow a malicious user to gain access to sensitive and private user data from users' computers, and the chipmaker is rolling out fixes that patch the vulnerability on affected systems. The flaw was detected by a California-based researcher and disclosed to Intel, allowing the firm to patch the issue before details were published online. Unlike the company's recent chips, older CPUs released by Intel in 2015 are currently vulnerable and these models will receive a microcode update to fix the potential leakage of information.

The chipmaker has assigned a "Medium" security rating for the bug in a post on the Intel Security website, which states that the firm will issue a firmware update and a software sequence — the latter is optional — that is designed to patch the security flaw. Customers with PCs powered by Intel's 6th generation Skylake processors all the way up to the 11th generation Tiger Lake processors are affected by the security flaw. Alder Lake, Sapphire Rapids, and Raptor Lake chips are not affected by the flaw.

Dropping #Downfall, exploiting speculative forwarding of 'Gather' instruction to steal data from hardware registers. #MeltdownSequel
- Practical to exploit (POC/Demo)
- Defeat all isolation boundaries (OS, VM, SGX)
- Bypass all Meltdown/MDS mitigations.https://t.co/udgnfAWCE2 pic.twitter.com/mZvsAs5uRl
— Daniel Moghimi (@flowyroll) August 8, 2023

Dubbed Downfall by Daniel Moghimi, the Google security researcher who discovered it, the vulnerability is capable of beating boundaries set by the chipmaker for the operating system, virtual machine, and Intel's Software Guard Extensions. Moghimi used the Gather instruction that is used to make it easier to access data that is scattered in the device's memory in order to discover the flaw and develop a proof of concept that was shared with the company in order to develop a fix.

The researcher also explains that the Downfall vulnerability can also bypass fixes previously issued by Intel for older flaws such as Meltdown and Microarchitectural Data Sampling (MDS). Intel is rolling out microcode updates to secure its older processors against the flaw that can allow an attacker to steal arbitrary data from the Linux Kernel, 128-bit and 256-bit AES keys from another user, and even spy on printable characters, according to Moghimi.

Moghimi says the Downfall vulnerability is "highly practical" and that developing an end-to-end attack to steal encryption keys from OpenSSL — and open-source encryption library — took only two weeks. Users have been exposed to Downfall for at least nine years, as the chips affected by the security flaw were released as early as 2014.

“The security researcher, working within the controlled conditions of a research environment, demonstrated the GDS issue which relies on software using Gather instructions. While this attack would be very complex to pull off outside of such controlled conditions, affected platforms have an available mitigation via a microcode update. Recent Intel processors, including Alder Lake, Raptor Lake and Sapphire Rapids, are not affected. Many customers, after reviewing Intel's risk assessment guidance, may determine to disable the mitigation via switches made available through Windows and Linux operating systems as well as VMMs. In public cloud environments, customers should check with their provider on the feasibility of these switches,” an Intel spokesperson told Gadgets 360.

From the launch of the Infinix GT 10 Pro to Amazon's latest mega-sale, we discuss the most noteworthy technology news events of the week on the latest episode of Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Intel, Downfall, Security Flaws, Vulnerability

David Delima

Email David Delima

As a writer on technology with Gadgets 360, David Delima is interested in open-source technology, cybersecurity, consumer privacy, and loves to read and write about how the Internet works. David can be contacted via email at DavidD@ndtv.com, on Twitter at @DxDavey, and Mastodon at mstdn.social/@delima. More