Date: 2023-08-09

Black Hat Googlers have recently identified two security vulnerabilities in Intel and AMD processors that can be exploited to retrieve sensitive data from a computer’s memory. One flaw affects Intel components while the other affects AMD processors. Both vulnerabilities can be abused by malware or rogue users to extract passwords and other data from memory, which is especially concerning for those using shared servers in the cloud.

The Intel vulnerability, known as Downfall, was discovered by Daniel Moghimi and was addressed a year after its private disclosure. The AMD vulnerability, named Zenbleed and found by Tavis Ormandy, was partially patched in July after being reported privately in mid-May.

Both vulnerabilities are enabled by speculative execution, a CPU technique that executes instructions in parallel on a single thread. This technique speeds up code execution, but it also opens the door to potential abuse. Downfall and Zenbleed allow an attacker to observe data that should be off-limits, such as cryptographic keys and runtime data.

Previous attacks such as Spectre and Meltdown have also exploited speculative execution to obtain sensitive data from memory. Hardware upgrades and software workarounds were employed to mitigate the impact of those attacks. However, Downfall shows that more work is needed to address this class of vulnerability.

Downfall exploits the speculative forwarding of data from the SIMD Gather instruction, while Zenbleed takes advantage of an improper implementation of speculative execution for the SIMD vzeroupper instruction. Both vulnerabilities can leak stale data, making sensitive information accessible.

Intel has released a fix for Downfall, but it may cause up to a 50% performance hit depending on the workload. AMD’s Zenbleed patch does not significantly affect performance.

Customers in public cloud environments are advised to consult their providers regarding the availability of mitigations for these vulnerabilities. Daniel Moghimi will discuss Downfall at the Black Hat conference in Las Vegas today, and at the USENIX Security Symposium on August 11th. AMD has not announced any upcoming talks or conferences related to Zenbleed.