Connect with us

Hi, what are you looking for?


Endpoint Security

Downfall: New Intel CPU Attack Exposing Sensitive Information

Google researcher discloses the details of an Intel CPU attack method named Downfall that may be remotely exploitable.

Intel Downfall CPU attack

The details of a new side-channel attack targeting Intel processors were disclosed on Tuesday.

The attack, discovered by a researcher at Google and named Downfall, leverages a vulnerability tracked as CVE-2022-40982. 

Similar to other CPU attack methods, Downfall can be exploited by a local attacker or a piece of malware to obtain sensitive information, such as passwords and encryption keys, belonging to the targeted device’s users.

This transient execution attack also works against cloud environments, allowing an attacker to steal data from other users on the same cloud computer. 

“The vulnerability is caused by memory optimization features in Intel processors that unintentionally reveal internal hardware registers to software. This allows untrusted software to access data stored by other programs, which should not be normally be accessible,” explained 

Daniel Moghimi, the Google senior research scientist who discovered the flaw. 

“I discovered that the Gather instruction, meant to speed up accessing scattered data in memory, leaks the content of the internal vector register file during speculative execution. To exploit this vulnerability, I introduced Gather Data Sampling (GDS) and Gather Value Injection (GVI) techniques,” Moghimi added. 

Moghimi, who reported his findings to Intel one year ago, said the GDS method is “highly practical” — he has created a proof-of-concept (PoC) exploit that can steal encryption keys from OpenSSL. 

Advertisement. Scroll to continue reading.

Remote attacks conducted via a web browser are theoretically also possible, but additional research is needed to demonstrate such an attack.

Intel published a security advisory on Tuesday to inform customers about CVE-2022-40982, which it has rated ‘medium severity’. 

“Intel is releasing firmware updates and an optional software sequence to mitigate this potential vulnerability,” the chipmaker said.

Intel Xeon and Core processors released over the past decade are affected, and the Intel SGX hardware security feature is also impacted, according to the researcher.

Google researchers recently also disclosed Zenbleed, an AMD Zen 2 processor vulnerability that can allow an attacker to access sensitive information. 

The same day Downfall was disclosed, researchers at ETH Zurich disclosed the details of Inception, an attack that leaks potentially sensitive data from anywhere in the memory of a device powered by an AMD Zen processor.

Update: Intel has provided the following statement to SecurityWeek:

“The security researcher, working within the controlled conditions of a research environment, demonstrated the GDS issue which relies on software using Gather instructions. While this attack would be very complex to pull off outside of such controlled conditions, affected platforms have an available mitigation via a microcode update. Recent Intel processors, including Alder Lake, Raptor Lake and Sapphire Rapids, are not affected. Many customers, after reviewing Intel’s risk assessment guidance, may determine to disable the mitigation via switches made available through Windows and Linux operating systems as well as VMMs.In public cloud environments, customers should check with their provider on the feasibility of these switches.”

Related: Intel, AMD Address Many Vulnerabilities With Patch Tuesday Advisories

Related: Chipmaker Patch Tuesday: Intel, AMD Address Over 100 Vulnerabilities

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.