Downfall fallout: Intel knew AVX chips were insecure and did nothing, lawsuit claims
Intel has been sued by a handful of PC buyers who claim the x86 goliath failed to act when informed five years ago about faulty chip instructions that allowed the recent Downfall vulnerability, and during that period sold billions of insecure chips.
The lawsuit [PDF], filed on behalf of five plaintiffs in a US federal court in San Jose, California, claims Intel knew about the susceptibility of its AVX instruction set to side-channel attacks since 2018, but didn’t fix the defect until the disclosure of the Downfall hole this year, leaving affected computer buyers with no other option than to apply a patch that slows performance by as much as 50 percent.
Downfall refers to a microarchitectural flaw involving the AVX SIMD Gather instruction that can be exploited to read data from memory during speculative execution, which is a shortcut CPU cores take to boost their performance, mainly by anticipating what an application’s code will do next. Speculative execution makes computation faster, but presents the risk of data disclosure when the effects of those speculated calculations can be observed.
In Downfall’s case, malware on a vulnerable machine, or a rogue user, can exploit the flaw to potentially extract sensitive information, such as encryption keys, from memory that should be off-limits.
Downfall is one of a series of side-channel vulnerabilities identified following the 2018 disclosure of architecture flaws called Spectre and Meltdown, first reported by The Register.
Intel Core processors (6th to 11th generation) are affected by the Downfall flaw (CVE-2022-40982), which was publicly disclosed on August 8 this year.
The complaint says that in the summer of 2018, when Intel was dealing with Spectre and Meltdown, the manufacturer received two separate vulnerability reports from third-party researchers that warned that the microprocessor titan’s Advanced Vector Extensions (AVX) instruction set – which allows Intel CPU cores to perform operations on multiple pieces of data simultaneously, improving performance – was vulnerable to the same class of side-channel attack as those other two serious flaws.
The filing subsequently cites a June 16, 2018 social media post by hardware enthusiast Alexander Yee about a Spectre-like data-leaking hole involving AVX and a write-up by him that discusses proof-of-concept exploit code for the instruction set that was delayed until August 7, 2018, allegedly at the request of Intel.
The argument goes that the x86 goliath knew there was at least one speculative-execution side-channel hole in AVX while it was addressing the related Spectre-Meltdown design blunders. The plaintiffs believe Intel should have secured AVX back in 2018 after learning of Lee’s findings and while straightening out the Spectre-Meltdown mess, but the biz didn’t, and thus Downfall was discovered five years later in 2023.
“Despite promising a hardware redesign to mitigate speculative execution vulnerabilities during the exact time period researchers disclosed the vulnerabilities in Intel’s AVX instructions, Intel did nothing,” the complaint says.
“It did not fix its then-current chips, and over three successive generations, Intel did not redesign its chips to ensure that AVX instructions would operate securely when the CPU speculatively executed them.”
The complaint further claims that Intel had implemented “secret buffers” related to those instructions that had not been publicly known.
These would be the SIMD register buffers, which Daniel Moghimi, presently a senior research scientist at Google, described in his Downfall paper as “previously-undisclosed CPU components.” These date back at least to Skylake CPUs in 2015.
“Worse yet, Intel had implemented secret buffers associated with these instructions, which it never disclosed to anyone,” the complaint says.
“These secret buffers, coupled with side effects left in CPU cache, opened what was tantamount to a backdoor in Intel’s CPUs, allowing an attacker to use AVX instructions to easily obtain sensitive information from memory —including encryption keys used for Advanced Encryption Standard (‘AES’) encryption — by exploiting the very design flaw that Intel had supposedly fixed after Spectre and Meltdown.”
The issue with these buffers, as Moghimi found, was that they did not get purged by prior Intel mitigations designed to flush away stale data.
The complaint alleges that Intel has told customers since the release of its 9th generation CPUs in October 2018 that it implemented a hardware fix for the Spectre and Meltdown flaws and had mitigated those vulnerabilities on older processors. But the corporation, allegedly, knew its AVX instructions allowed a similar sort of attack.
Beyond Downfall, there have been other flaws related to AVX.
The court filing describes how the various plaintiffs have seen processor performance degradation when running games like Starfield and apps like Photoshop and Microsoft Publisher on PCs patched for Downfall.
Intel declined to comment in the lawsuit. ®
READ MORE HERE