Downfall and Zenbleed vulnerabilities

Fortiguard Security Advisory

Two side channel hardware vulnerabilities named Downfall (CVE-2022-40982) and Zenbleed (CVE-2023-20593) impact Intel and AMD processors.
“Downfall attacks target a critical weakness found in billions of modern processors used in personal and cloud computers. This vulnerability, identified as CVE-2022-40982, enables a user to access and steal data from other users who share the same computer. For instance, a malicious app obtained from an app store could use the Downfall attack to steal sensitive information like passwords, encryption keys, and private data such as banking details, personal emails, and messages.” [1]
“The vulnerability is caused by memory optimization features in Intel processors that unintentionally reveal internal hardware registers to software. ” [1]
“Zenbleed, affecting AMD CPUs, shows that incorrectly implemented speculative execution of the SIMD Zeroupper instruction leaks stale data from physical hardware registers to software registers. Zeroupper instructions should clear the data in the upper-half of SIMD registers (e.g., 256-bit register YMM) which on Zen2 processors is done by just setting a flag that marks the upper half of the register as zero. However, if on the same cycle as a register to register move the Zeroupper instruction is mis-speculated, the zero flag doesnt get rolled back properly, leading to the upper-half of the YMM register to hold stale data rather than the value of zero. Similar to Downfall, leaking stale data from physical hardware registers expose the data from other users who share the same CPU core and its internal physical registers.” [2]
These vulnerabilities may allow a local attacker to potentially access sensitive information, entire XMM/YMM/ZMM register (Downfall) and upper-half of 256-bit YMM Registers (Zenbleed).
Zenbleed is impacting all Zen 2 class processors : 

AMD Ryzen 3000 Series Processors
AMD Ryzen PRO 3000 Series Processors
AMD Ryzen Threadripper 3000 Series Processors
AMD Ryzen 4000 Series Processors with Radeon Graphics
AMD Ryzen PRO 4000 Series Processors
AMD Ryzen 5000 Series Processors with Radeon Graphics
AMD Ryzen 7020 Series Processors with Radeon Graphics
AMD EPYC “Rome” Processors

Downfall is impacting  Intel processor (6th Skylake to (including) the 11th Tiger Lake generation).
[1] https://downfall.page/
[2] https://security.googleblog.com/2023/08/downfall-and-zenbleed-googlers-helping.html
 

READ MORE