Downfall and Zenbleed - Modern Processor Attacks - 20230810001¶
Overview¶
In recent months, two major CPU vulnerabilities have been announced that affect both Intel and AMD CPU's. These two brands account for almost all CPU's in modern computing and therefore considerable risk exists for those using unpatched hardware. These vulnerabilities dubbed Downfall (Intel) and Zenbleed (AMD - previous advisory here) allow attackers to obtain sensitive information in shared computer environments, including cloud-hosted servers. Agencies are encouraged to reach out to their vendors and MSPs to ensure they are protected from these risks.
What is the vulnerability?¶
AMD¶
CVE-2023-20593 - Zenbleed
An issue in Zen 2 CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
Intel¶
CVE-2022-40982 - Downfall
The vulnerability is caused by memory optimization features in Intel processors that unintentionally reveal internal hardware registers to software. This allows untrusted software to access data stored by other programs, which should not normally be accessible.
What is vulnerable?¶
AMD¶
The vulnerability affects all AMD Zen2 Processors. A more comprehensive list of affected processors is available in an article here.
Intel¶
Intel Core processors from the 6th Skylake to (including) the 11th Tiger Lake generation are affected. A more comprehensive list of affected processors will be available here.
Recommendation¶
The WA SOC recommends administrators pay close attention to latest available updates on their hardware using AMD or Intel processors and reach out to their vendors, IT staff and Managed Service Providers (MSP) to ensure they are mitigating risks. Risks from unchecked MSPs are of particular concern due to recent history of compromises.