• Downfall fallout: Intel knew AVX chips were insecure and did nothing, l

    From anonymous@21:1/5 to All on Tue Nov 14 09:20:21 2023
    XPost: alt.comp.hardware.pc-homebuilt, alt.privacy.anon-server, comp.sys.intel

    Billions of data-leaking processors sold despite warnings and patch just
    made them slower, punters complain

    Intel has been sued by a handful of PC buyers who claim the x86 goliath
    failed to act when informed five years ago about faulty chip instructions
    that allowed the recent Downfall vulnerability, and during that period
    sold billions of insecure chips.

    https://regmedia.co.uk/2023/11/09/pacer_intel_downfall_lawsuit.pdf

    The lawsuit [PDF], filed on behalf of five plaintiffs in a US federal
    court in San Jose, California, claims Intel knew about the susceptibility
    of its AVX instruction set to side-channel attacks since 2018, but didn't
    fix the defect until the disclosure of the Downfall hole this year,
    leaving affected computer buyers with no other option than to apply a
    patch that slows performance by as much as 50 percent.

    Downfall refers to a microarchitectural flaw involving the AVX SIMD
    Gather instruction that can be exploited to read data from memory during
    speculative execution, which is a shortcut CPU cores take to boost their
    performance, mainly by anticipating what an application's code will do
    next. Speculative execution makes computation faster, but presents the
    risk of data disclosure when the effects of those speculated calculations
    can be observed.

    In Downfall's case, malware on a vulnerable machine, or a rogue user, can
    exploit the flaw to potentially extract sensitive information, such as
    encryption keys, from memory that should be off-limits.

    Downfall is one of a series of side-channel vulnerabilities identified
    following the 2018 disclosure of architecture flaws called Spectre and
    Meltdown, first reported by The Register.

    Intel Core processors (6th to 11th generation) are affected by the
    Downfall flaw (CVE-2022-40982), which was publicly disclosed on August 8
    this year.

    https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html

    https://downfall.page/

    The complaint says that in the summer of 2018, when Intel was dealing
    with Spectre and Meltdown, the manufacturer received two separate
    vulnerability reports from third-party researchers that warned that the
    microprocessor titan's Advanced Vector Extensions (AVX) instruction set –
    which allows Intel CPU cores to perform operations on multiple pieces of
    data simultaneously, improving performance – was vulnerable to the same
    class of side-channel attack as those other two serious flaws.

    The filing subsequently cites a June 16, 2018 social media post by
    hardware enthusiast Alexander Yee about a Spectre-like data-leaking hole
    involving AVX and a write-up by him that discusses proof-of-concept
    exploit code for the instruction set that was delayed until August 7,
    2018, allegedly at the request of Intel.

    https://x.com/Mysticial/status/1007884805026013184

    http://www.numberworld.org/blogs/2018_6_16_avx_spectre/

    The argument goes that the x86 goliath knew there was at least one
    speculative-execution side-channel hole in AVX while it was addressing
    the related Spectre-Meltdown design blunders. The plaintiffs believe Intel
    should have secured AVX back in 2018 after learning of Yee's findings and
    while straightening out the Spectre-Meltdown mess, but the biz didn't, and
    thus Downfall was discovered five years later in 2023.

    "Despite promising a hardware redesign to mitigate speculative execution
    vulnerabilities during the exact time period researchers disclosed the
    vulnerabilities in Intel’s AVX instructions, Intel did nothing," the
    complaint says.

    "It did not fix its then-current chips, and over three successive
    generations, Intel did not redesign its chips to ensure that AVX
    instructions would operate securely when the CPU speculatively executed
    them."

    The complaint further claims that Intel had implemented "secret buffers"
    related to those instructions that had not been publicly known.

    These would be the SIMD register buffers, which Daniel Moghimi, presently
    a senior research scientist at Google, described in his Downfall paper as
    "previously-undisclosed CPU components." These date back at least to
    Skylake CPUs in 2015.

    "Worse yet, Intel had implemented secret buffers associated with these
    instructions, which it never disclosed to anyone," the complaint says.

    "These secret buffers, coupled with side effects left in CPU cache, opened
    what was tantamount to a backdoor in Intel’s CPUs, allowing an attacker to
    use AVX instructions to easily obtain sensitive information from memory —
    including encryption keys used for Advanced Encryption Standard ('AES')
    encryption — by exploiting the very design flaw that Intel had supposedly
    fixed after Spectre and Meltdown."

    The issue with these buffers, as Moghimi found, was that they did not get
    purged by prior Intel mitigations designed to flush away stale data.

    The complaint alleges that Intel has told customers since the release of
    its 9th generation CPUs in October 2018 that it implemented a hardware fix
    for the Spectre and Meltdown flaws and had mitigated those vulnerabilities
    on older processors. But the corporation, allegedly, knew its AVX
    instructions allowed a similar sort of attack.

    Beyond Downfall, there have been other flaws related to AVX.

    https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html

    https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html

    The court filing describes how the various plaintiffs have seen processor
    performance degradation when running games like Starfield and apps like
    Photoshop and Microsoft Publisher on PCs patched for Downfall.

    Intel declined to comment on the lawsuit. ®

    https://www.theregister.com/2023/11/09/intel_downfall_lawsuit/

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)