Downfall fallout: Intel knew AVX chips were insecure and did nothing, lawsuit claims

From anonymous <anonymous@invalid.invalid>
Subject Downfall fallout: Intel knew AVX chips were insecure and did nothing, lawsuit claims
Message-ID <3a151458cd8c5817be66db4c47a3180d@dizum.com> (permalink)
Date 2023-11-14 09:20 +0100
Newsgroups alt.comp.hardware.pc-homebuilt, alt.comp.os.windows-10, alt.privacy.anon-server, comp.sys.intel
Organization dizum.com - The Internet Problem Provider

Cross-posted to 4 groups.

Billions of data-leaking processors sold despite warnings and patch just 
made them slower, punters complain

Intel has been sued by a handful of PC buyers who claim the x86 goliath 
failed to act when informed five years ago about faulty chip instructions 
that allowed the recent Downfall vulnerability, and during that period 
sold billions of insecure chips.

https://regmedia.co.uk/2023/11/09/pacer_intel_downfall_lawsuit.pdf

The lawsuit [PDF], filed on behalf of five plaintiffs in a US federal 
court in San Jose, California, claims Intel knew about the susceptibility 
of its AVX instruction set to side-channel attacks since 2018, but didn't 
fix the defect until the disclosure of the Downfall hole this year, 
leaving affected computer buyers with no other option than to apply a 
patch that slows performance by as much as 50 percent.

Downfall refers to a microarchitectural flaw involving the AVX SIMD Gather 
instruction that can be exploited to read data from memory during 
speculative execution, which is a shortcut CPU cores take to boost their 
performance, mainly by anticipating what an application's code will do 
next. Speculative execution makes computation faster, but presents the 
risk of data disclosure when the effects of those speculated calculations 
can be observed.

In Downfall's case, malware on a vulnerable machine, or a rogue user, can 
exploit the flaw to potentially extract sensitive information, such as 
encryption keys, from memory that should be off-limits.

Downfall is one of a series of side-channel vulnerabilities identified 
following the 2018 disclosure of architecture flaws called Spectre and 
Meltdown, first reported by The Register.

Intel Core processors (6th to 11th generation) are affected by the 
Downfall flaw (CVE-2022-40982), which was publicly disclosed on August 8 
this year.

https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html

https://downfall.page/

The complaint says that in the summer of 2018, when Intel was dealing with 
Spectre and Meltdown, the manufacturer received two separate vulnerability 
reports from third-party researchers that warned that the microprocessor 
titan's Advanced Vector Extensions (AVX) instruction set – which allows 
Intel CPU cores to perform operations on multiple pieces of data 
simultaneously, improving performance – was vulnerable to the same class 
of side-channel attack as those other two serious flaws.

The filing subsequently cites a June 16, 2018 social media post by 
hardware enthusiast Alexander Yee about a Spectre-like data-leaking hole 
involving AVX and a write-up by him that discusses proof-of-concept 
exploit code for the instruction set that was delayed until August 7, 
2018, allegedly at the request of Intel.

https://x.com/Mysticial/status/1007884805026013184

http://www.numberworld.org/blogs/2018_6_16_avx_spectre/

The argument goes that the x86 goliath knew there was at least one 
speculative-execution side-channel hole in AVX while it was addressing the 
related Spectre-Meltdown design blunders. The plaintiffs believe Intel 
should have secured AVX back in 2018 after learning of Yee's findings and 
while straightening out the Spectre-Meltdown mess, but the biz didn't, and 
thus Downfall was discovered five years later in 2023.

"Despite promising a hardware redesign to mitigate speculative execution 
vulnerabilities during the exact time period researchers disclosed the 
vulnerabilities in Intel’s AVX instructions, Intel did nothing," the 
complaint says.

"It did not fix its then-current chips, and over three successive 
generations, Intel did not redesign its chips to ensure that AVX 
instructions would operate securely when the CPU speculatively executed 
them."

The complaint further claims that Intel had implemented "secret buffers" 
related to those instructions that had not been publicly known.

These would be the SIMD register buffers, which Daniel Moghimi, presently 
a senior research scientist at Google, described in his Downfall paper as 
"previously-undisclosed CPU components." These date back at least to 
Skylake CPUs in 2015.

"Worse yet, Intel had implemented secret buffers associated with these 
instructions, which it never disclosed to anyone," the complaint says.

"These secret buffers, coupled with side effects left in CPU cache, opened 
what was tantamount to a backdoor in Intel’s CPUs, allowing an attacker to 
use AVX instructions to easily obtain sensitive information from memory 
— including encryption keys used for Advanced Encryption Standard ('AES') 
encryption — by exploiting the very design flaw that Intel had supposedly 
fixed after Spectre and Meltdown."

The issue with these buffers, as Moghimi found, was that they did not get 
purged by prior Intel mitigations designed to flush away stale data.

The complaint alleges that Intel has told customers since the release of 
its 9th generation CPUs in October 2018 that it implemented a hardware fix 
for the Spectre and Meltdown flaws and had mitigated those vulnerabilities 
on older processors. But the corporation, allegedly, knew its AVX 
instructions allowed a similar sort of attack.

Beyond Downfall, there have been other flaws related to AVX.

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html

The court filing describes how the various plaintiffs have seen processor 
performance degradation when running games like Starfield and apps like 
Photoshop and Microsoft Publisher on PCs patched for Downfall.

Intel declined to comment on the lawsuit. ®

https://www.theregister.com/2023/11/09/intel_downfall_lawsuit/
