Full Report
Researchers also disclosed a separate bug called "Inception" for newer AMD CPUs.
Analysis Summary
# Vulnerability: Intel CPU "Downfall" Information Leak via Gather Instruction Flaw
## CVE Details
- CVE ID: CVE-2022-40982
- CVSS Score: Not explicitly stated, but described as "medium" severity.
- CWE: Not explicitly stated, but related to improper handling of speculative execution/data leakage from hardware registers.
## Affected Systems
- Products: Intel Consumer, Workstation, and Server CPUs across six generations.
- Versions: Multiple generations of Intel processors. Specific version lists are not provided in this summary; consult vendor advisories.
- Configurations: Affects systems utilizing the "Gather" instruction. Special consideration for systems using Intel Software Guard Extensions (SGX).
## Vulnerability Description
The "Downfall" vulnerability (CVE-2022-40982) is a flaw in the "Gather" instruction, which affected Intel CPUs use to fetch data from multiple memory locations. The flaw causes the CPU to unintentionally reveal the contents of internal hardware registers to software running on the system. Untrusted software can use this to access sensitive data, such as encryption keys, stored by other programs running locally.
## Exploitation
- Status: Not aware of any active in-the-wild exploits publicly reported at the time of disclosure.
- Complexity: Likely **Medium**, based on the description of PoC availability and the nature of the bug.
- Attack Vector: **Local** (Requires untrusted software to be executed on the affected system).
## Impact
- Confidentiality: High (Can leak sensitive data like encryption keys from other programs).
- Integrity: Potential
- Availability: Unspecified/Low
## Remediation
### Patches
- **Microcode Updates:** Initial fixes are available via OS-level microcode updates.
- **Firmware Updates:** Systems must receive firmware updates from motherboard/system manufacturers that incorporate the corrected microcode.
  - For systems using Intel Software Guard Extensions (SGX), the fix **must** be loaded via firmware.
### Workarounds
- No specific workarounds other than immediate patching are detailed, emphasizing the need for microcode/firmware updates.
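To confirm that the microcode fix is actually in effect on a Linux host, the kernel's own status report for this issue (which it lists under Intel's name, Gather Data Sampling) can be classified as in the sketch below. This is an added example, not part of the original report or of any vendor tooling. It assumes a kernel that exposes the `gather_data_sampling` sysfs file; the function names and verdict words are hypothetical.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's Downfall (GDS) status line.
# Assumption: the running kernel reports Gather Data Sampling in sysfs;
# kernels without that reporting simply lack the file.
GDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/gather_data_sampling

# Map one kernel status string to a verdict word (hypothetical names).
# Return code: 0 = no action, 1 = action needed, 2 = cannot tell from here.
gds_classify() {
    case "$1" in
        "Not affected")                      echo OK_NOT_AFFECTED; return 0 ;;
        "Mitigation: Microcode"*)            echo OK_MICROCODE; return 0 ;;
        "Mitigation: AVX disabled"*)         echo NEEDS_MICROCODE_AVX_OFF; return 1 ;;
        "Vulnerable: No microcode")          echo NEEDS_MICROCODE; return 1 ;;
        "Vulnerable")                        echo MITIGATION_DISABLED; return 1 ;;
        "Unknown: Dependent on hypervisor"*) echo CHECK_HYPERVISOR; return 2 ;;
        *)                                   echo UNRECOGNISED; return 2 ;;
    esac
}

# Read the status from a file (default: live sysfs) and print
# "verdict<TAB>raw status". A file path argument allows checking output
# collected from other hosts.
gds_report() {
    file="${1:-$GDS_SYSFS}"
    if [ ! -r "$file" ]; then
        # Older kernel or non-Linux capture: no kernel-side report exists.
        printf 'NO_KERNEL_REPORT\t(file missing: %s)\n' "$file"
        return 2
    fi
    raw=
    # "|| :" keeps a final line without a trailing newline from failing.
    IFS= read -r raw < "$file" || :
    verdict=$(gds_classify "$raw") && rc=0 || rc=$?
    printf '%s\t%s\n' "$verdict" "$raw"
    return "$rc"
}

# Usage on a host: gds_report; echo "exit=$?"
```

A `CHECK_HYPERVISOR` result means the guest cannot see whether the host CPU is mitigated, so the check has to be repeated on the hypervisor itself.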
## Detection
- **Indicators of Compromise:** Specific IoCs are not listed, but unauthorized access to data stored by other processes is the expected symptom.
- **Detection Methods and Tools:** Not specified, but monitoring system behavior for suspicious data access patterns is recommended.
## References
- [Intel Security Advisory (Intel SA-00828)](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html)
- [Downfall Vulnerability Website](https://downfall.page/)
- [Downfall White Paper (PDF)](https://downfall.page/media/downfall.pdf)