Researchers have disclosed two new vulnerabilities that affect some of AMD’s and Intel’s most popular CPUs. “Downfall,” which Google researcher Daniel Moghimi has detailed on a dedicated site, appears to affect 6th Gen (Skylake) to 11th Gen (Tiger Lake) Core processors, while “Inception” is said to impact Zen through Zen 4 products in the desktop, server, and embedded categories. Moghimi described Intel’s vulnerability as being “highly practical,” while AMD says its problem has only been observed in research environments.
“The vulnerability is caused by memory optimization features in Intel processors that unintentionally reveal internal hardware registers to software,” Moghimi said of Downfall. “This allows untrusted software to access data stored by other programs, which should not normally be accessible. I discovered that the Gather instruction, meant to speed up accessing scattered data in memory, leaks the content of the internal vector register file during speculative execution. To exploit this vulnerability, I introduced Gather Data Sampling (GDS) and Gather Value Injection (GVI) techniques. You can read the paper I wrote about this for more detail.”
“AMD has received an external report titled ‘INCEPTION’, describing a new speculative side channel attack,” reads a statement that AMD sent to ServeTheHome. “The attack can result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. This attack is similar to previous branch prediction-based attacks like Spectre v2 and Branch Type Confusion (BTC)/RetBleed. As with similar attacks, speculation is constrained within the current address space and to exploit, an attacker must have knowledge of the address space and control of sufficient registers at the time of RET (return from procedure) speculation. Hence, AMD believes this vulnerability is only potentially exploitable locally, such as via downloaded malware, and recommends customers employ security best practices, including running up-to-date software and malware detection tools.”
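As an added example that is not part of the article, the POSIX shell check below reads the Linux kernel's own report on the two issues described above and flags hosts that still need attention. It assumes a kernel new enough to expose the gather_data_sampling (Downfall) and spec_rstack_overflow (Inception) entries under /sys/devices/system/cpu/vulnerabilities/; the status strings quoted in the comments are examples of the kernel's format, and the "Unknown" fallback line is constructed by the script itself.

```shell
#!/bin/sh
# Added example (not from the article): report what the running Linux kernel
# says about the two issues above. Linux exposes one file per known CPU issue
# under this directory; Downfall is gather_data_sampling, Inception is spec_rstack_overflow.
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# read_status FILE -> kernel status line, or a constructed "Unknown" line when
# the kernel predates the fix and has no entry for the issue.
read_status() {
    if [ -r "$1" ]; then
        cat "$1"
    else
        echo "Unknown: kernel exposes no entry for this vulnerability"
    fi
}

# classify_status STATUS -> mitigated | vulnerable | not_affected | unknown.
# Kernel lines start with a fixed prefix (e.g. "Mitigation: Microcode"), so a prefix match is enough.
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        Mitigation:*)    echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# check_system [DIR] -> prints one line per issue; returns 0 only when both are
# mitigated or not affected, so it can gate a compliance job. "Unknown" fails:
# the kernel cannot confirm the mitigation, so the host needs manual review.
check_system() {
    dir="${1:-$VULN_DIR}"
    rc=0
    for pair in gather_data_sampling:Downfall spec_rstack_overflow:Inception; do
        name=${pair%%:*}
        label=${pair#*:}
        status=$(read_status "$dir/$name")
        class=$(classify_status "$status")
        printf '%-10s %-13s %s\n' "$label" "$class" "$status"
        case "$class" in
            mitigated|not_affected) ;;
            *) rc=1 ;;
        esac
    done
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then check_system; fi
```

Run it as `sh check.sh --run`; set VULN_DIR to point at a copied sysfs tree when auditing offline snapshots.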