Vulnerability details from Intel
- CVEID: CVE-2022-40982
- Description: Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVSS Base Score: 6.5 Medium
- CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Downfall overview
Downfall is a side-channel vulnerability, tracked by Intel as Gather Data Sampling (GDS), that leaks data from Intel processors at the microarchitectural level. It affects the majority of Intel processors and allows a local attacker to read data belonging to other processes, including confidential material such as cryptographic keys. As it applies to Intel SGX, an advanced attacker would need privileged kernel-level access to extract symmetric encryption keys (AES keys) while the enclave is actively using them.
Fireblocks customers are at low risk from the Downfall vulnerability due to the distribution of MPC key shares across multiple environments, privileged access required on each SGX enclave, and significant impact on system performance to run the exploit, ultimately making the attack impractical.
Downfall has been patched by Intel in its latest (August 2023) microcode update and is categorized as Medium severity. The latest microcode update will be deployed on all Fireblocks production servers at the next planned maintenance window occurring on August 20, 2023.
On an unpatched system, to leak the MPC key share from an SGX-based Co-Signer using Downfall, an attacker would first need to gain privileged kernel-level permissions and install the SGX-Step driver. Single-stepping the enclave with SGX-Step slows the system by a factor of roughly 1,000 to 10,000. The Fireblocks Co-Signer monitoring system would immediately detect this degradation in performance and alert the Fireblocks security team, preventing the attacker from continuing the exploit.
Furthermore, the attacker would need to reboot the Co-Signer several dozen times before leaking a single MPC key share. The attacker would then need to repeat this process across the remaining Co-Signers (Fireblocks and customer-hosted) in order to gain access to the full private key.
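The two symptoms described above (a sustained collapse in enclave operation latency and a burst of reboots on one Co-Signer) are both visible in ordinary operational logs. The following is an added example, not the Fireblocks monitoring system and not code from the page; the log format, the `cosigner` field names, and the thresholds (100x baseline over a three-operation window, more than two boots per hour) are assumptions chosen for illustration, and the log lines are constructed.

```python
"""Added example (not Fireblocks code): flag a Downfall/SGX-Step style attack from
Co-Signer logs by its side effects rather than by the exploit itself.

Two detectors:
  - detect_slowdown: median latency of recent signing operations versus a
    baseline; single-stepping an enclave slows it by orders of magnitude.
  - detect_reboot_burst: many boots in a short window, since the attack
    described needs repeated reboots of the Co-Signer.
Log format, field names and thresholds are assumptions for this example.
"""
import re
import statistics
from datetime import datetime, timezone

# Assumed line shape: "<RFC3339 UTC timestamp> cosigner k=v k=v ..."
LINE_RE = re.compile(r"^(?P<ts>\S+) cosigner (?P<kv>.*)$")


def parse_log(text):
    """Parse log lines into (datetime, fields) pairs; unrecognised lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        fields = dict(kv.split("=", 1) for kv in m.group("kv").split())
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts, fields))
    return events


def detect_slowdown(events, baseline_n=5, window=3, factor=100):
    """Return (timestamp, ratio) for the first window of `window` operations whose
    median latency is at least `factor` times the baseline median, else None.

    Medians over a window ignore a single slow call (GC pause, busy host) and
    react only to sustained degradation, which is what single-stepping causes.
    """
    durations = [(ts, int(f["duration_ms"])) for ts, f in events if "duration_ms" in f]
    if len(durations) < baseline_n + window:
        return None
    baseline = statistics.median(d for _, d in durations[:baseline_n])
    if baseline <= 0:
        return None
    for i in range(baseline_n, len(durations) - window + 1):
        chunk = durations[i:i + window]
        med = statistics.median(d for _, d in chunk)
        if med >= factor * baseline:
            return chunk[-1][0], med / baseline
    return None


def detect_reboot_burst(events, window_s=3600, max_boots=2):
    """Return (first_boot, count) if more than `max_boots` boot events fall within
    any `window_s`-second span, else None."""
    boots = [ts for ts, f in events if f.get("event") == "boot"]
    for i, start in enumerate(boots):
        count = sum(1 for ts in boots[i:] if (ts - start).total_seconds() <= window_s)
        if count > max_boots:
            return start, count
    return None


# Constructed sample log, not captured from a real Co-Signer: a healthy
# baseline of ~10 ms signatures, then ~15 s signatures, then four boots in 20 minutes.
SAMPLE_LOG = """\
2023-08-10T12:00:00Z cosigner event=boot
2023-08-10T12:00:05Z cosigner op=sign duration_ms=11
2023-08-10T12:00:06Z cosigner op=sign duration_ms=9
2023-08-10T12:00:07Z cosigner op=sign duration_ms=10
2023-08-10T12:00:08Z cosigner op=sign duration_ms=12
2023-08-10T12:00:09Z cosigner op=sign duration_ms=10
2023-08-10T12:30:00Z cosigner op=sign duration_ms=14200
2023-08-10T12:30:45Z cosigner op=sign duration_ms=16100
2023-08-10T12:31:30Z cosigner op=sign duration_ms=15000
2023-08-10T13:00:00Z cosigner event=boot
2023-08-10T13:05:00Z cosigner event=boot
2023-08-10T13:10:00Z cosigner event=boot
2023-08-10T13:20:00Z cosigner event=boot
"""

if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    print("slowdown:", detect_slowdown(ev))
    print("reboot burst:", detect_reboot_burst(ev))
```

Either detector firing on a Co-Signer is worth paging on; the slowdown detector in particular should be fed per-host rather than fleet-wide, since the attack described affects one machine at a time.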
Important
Fireblocks recommends that all customers update to the latest Intel microcode version and update their Co-Signer to the latest version provided by Fireblocks. The latest Intel microcode version is currently available as an Azure update and on the Intel website.
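A practitioner applying the recommendation above needs a way to confirm that the microcode mitigation is actually active on each Co-Signer host, not just that a package was installed. The following is an added example, not Fireblocks or Intel code: on Linux it reads the kernel's `gather_data_sampling` sysfs entry (present in kernels carrying the GDS mitigation) and the `microcode` revision from `/proc/cpuinfo`. The minimum revision required is specific to the CPU model and is taken from Intel's guidance for that part; it is passed in as `min_revision` rather than hard-coded. The `SAMPLE_CPUINFO` text and its revision value are constructed for the example.

```python
"""Added example (not Fireblocks or Intel code): report whether a Linux host
exposes the Downfall/GDS microcode mitigation.

Sources read on a live host:
  /sys/devices/system/cpu/vulnerabilities/gather_data_sampling  (kernel GDS status)
  /proc/cpuinfo                                                 (loaded microcode revision)
The required microcode revision is CPU-model specific; supply it as min_revision
from Intel's table for your part. No revision number is hard-coded here.
"""
import re
from pathlib import Path
from typing import Optional

GDS_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/gather_data_sampling")
CPUINFO = Path("/proc/cpuinfo")


def classify_gds(status: str) -> str:
    """Map the kernel's gather_data_sampling text to a coarse verdict.

    The kernel prints one of: "Not affected", "Vulnerable",
    "Vulnerable: No microcode", "Mitigation: Microcode",
    "Mitigation: Microcode (locked)", or, inside a VM,
    "Unknown: Dependent on hypervisor status".
    """
    s = status.strip()
    if s.startswith("Not affected"):
        return "not_affected"
    if s.startswith("Mitigation:"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def microcode_revisions(cpuinfo_text: str):
    """Return the set of 'microcode :' revisions seen across all logical CPUs."""
    found = re.findall(r"^microcode\s*:\s*(0x[0-9a-fA-F]+)", cpuinfo_text, re.M)
    return {int(r, 16) for r in found}


def assess(status: Optional[str], cpuinfo_text: str, min_revision: Optional[int] = None):
    """Combine both sources into (verdict, reasons).

    A 'mitigated' sysfs verdict is downgraded to 'unknown' when the loaded
    microcode revision is below the operator-supplied minimum or differs
    between cores, since both indicate an incomplete update.
    """
    if status is None:
        return "unknown", ["kernel has no gather_data_sampling entry (pre-GDS kernel or non-Linux host)"]
    verdict = classify_gds(status)
    reasons = [f"sysfs: {status.strip()}"]

    revs = microcode_revisions(cpuinfo_text)
    if not revs:
        reasons.append("no microcode revision found in cpuinfo")
    elif len(revs) > 1:
        reasons.append("microcode revision differs between cores: "
                       + ", ".join(hex(r) for r in sorted(revs)))
        if verdict == "mitigated":
            verdict = "unknown"
    elif min_revision is not None and min(revs) < min_revision:
        reasons.append(f"loaded microcode {hex(min(revs))} is below required {hex(min_revision)}")
        if verdict == "mitigated":
            verdict = "unknown"
    else:
        reasons.append(f"microcode revision {hex(min(revs))}")
    return verdict, reasons


def assess_live_host(min_revision: Optional[int] = None):
    """Run the assessment against this machine's real sysfs and cpuinfo."""
    status = GDS_SYSFS.read_text() if GDS_SYSFS.exists() else None
    cpuinfo = CPUINFO.read_text() if CPUINFO.exists() else ""
    return assess(status, cpuinfo, min_revision)


# Constructed two-CPU cpuinfo excerpt; the revision value is made up for the example.
SAMPLE_CPUINFO = """\
processor\t: 0
model name\t: Intel(R) Xeon(R) CPU
microcode\t: 0x0000aa01

processor\t: 1
model name\t: Intel(R) Xeon(R) CPU
microcode\t: 0x0000aa01
"""

if __name__ == "__main__":
    verdict, reasons = assess_live_host()
    print(verdict)
    for r in reasons:
        print("  -", r)
```

Two caveats when reading the result: inside a VM (including Azure) the kernel may report `Unknown: Dependent on hypervisor status`, in which case the guest cannot verify the mitigation itself and the platform's update status is authoritative; and a microcode update must be followed by a reboot of the Co-Signer so that the enclave is re-launched on the updated CPU.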
Analysis and impact on Intel SGX
Downfall lets an attacker sample the contents of CPU registers commonly used in advanced arithmetic, including cryptographic operations: specifically the SIMD (vector) registers used by instruction set extensions such as SSE and AVX. The practical impact is that AES keys can be exposed. Most AES implementations use the AES-NI instruction set to accelerate AES, and AES-NI operates on the 128-bit XMM SIMD registers, so round keys and intermediate cipher state pass through exactly the registers that Downfall leaks.
Intel SGX enclaves are also vulnerable, because the SIMD registers an enclave uses can be probed from outside the enclave through the same side channel. If an attacker can interrupt the enclave (an asynchronous enclave exit) while an encryption or decryption is in progress, there is a chance that parts of the AES key or key schedule are leaked from those registers.
To exploit this on a CPU with Hyper-Threading disabled, an attacker must first gain privileged kernel-level permissions in order to install the SGX-Step kernel driver. SGX-Step uses timer interrupts to single-step the enclave, forcing an enclave exit after nearly every instruction; repeating this at very high frequency can gradually leak the AES key from the SGX enclave.
Note
Disabling Hyper-Threading is a best practice when using SGX and is followed by Fireblocks. With Hyper-Threading enabled, a sibling thread on the same physical core shares execution resources with the enclave, which gives an attacker a second, cheaper vantage point for this class of side channel.