OpenSSL statement on the recent Intel/AMD Downfall/Inception vulnerabilities
Last week marked the public announcement of the Downfall vulnerability in Intel CPUs and the Inception vulnerability in AMD CPUs. Both of these are microarchitectural side-channel attacks allowing an attacker with unprivileged execution on the same physical core as a victim process to extract confidential information from that process.
This blog post provides information and advice for users of OpenSSL. Specifically, it provides information on how users of OpenSSL may be affected by these vulnerabilities, and advice for users of OpenSSL on mitigation strategies.
Downfall Attack against Intel CPUs
Firstly, it should be noted that while the Downfall vulnerability is demoed against OpenSSL, this is a highly general microarchitectural side-channel attack which can compromise the security of essentially any software and is not specific to OpenSSL (nor is it something we could mitigate with code changes). This is not a vulnerability in OpenSSL.
Affected processors
This attack affects a large number of Intel processors across multiple generations, including Skylake, Tiger Lake and those generations in between. Exact details of affected models can be confirmed on the Intel website.
Note: The table lists a number of different historic side-channel vulnerabilities; the “Gather Data Sampling” (CVE-2022-40982) column is the relevant column. “MCU” means a processor is affected and that a microcode update has been issued.
What this attack enables
If an attacker can obtain local (but unprivileged) execution on a machine with an affected CPU, and they are able to schedule that process on the same physical core as another process, and they are able to execute AVX instructions, you should assume they are able to obtain read access to any information stored within that process’s memory.
It should be stressed that this attack is entirely dependent on an adversary being able to execute code on the same physical system as a victim process; therefore, systems which only execute code installed by trusted parties are not at risk. However, virtual machines (in the absence of the mitigations advised below) are not an effective protection.
The requirement for executing on the same physical core as a victim process can be met either by OS context switching or via hyperthreading.
Because OpenSSL provides accelerated implementations of many cryptographic primitives using x86 SIMD instructions, if an attacker executes an attack using this vulnerability on a process performing cryptographic operations using OpenSSL, there is an elevated risk that the information they are able to extract will include cryptographic key material or plaintexts, as this material is likely to have been recently processed in the victim process using SIMD instructions. In other words, the risk to key material or other cryptographic material is particularly high.
However, this does not mean that other information stored in a process is not vulnerable to compromise and we would recommend that users assume that all information stored in a vulnerable process is accessible to an attacker. While there are potentially limitations to the exploitation techniques published, the qualifiers to any such limitations are sufficiently complex to be unable to make assurances in any particular area.
Recommended mitigation
The following mitigations are available:
-
Intel have released microcode updates for affected CPUs and the best course of action to mitigate these vulnerabilities is to deploy these microcode updates as soon as possible.
-
In the absence of the ability to deploy these microcode updates, an alternative mitigation is to disable the ability to use AVX instructions in any untrusted process. This will generally require an OS update; for example, a mitigation patch is now available for the Linux kernel which allows this to be configured. Disabling AVX may break applications which have been designed or compiled under the assumption that AVX is available.
It should be emphasised that a victim process does not need to execute AVX instructions to be affected. Exploitation can only be mitigated by preventing an attacker process from executing AVX instructions.
The immediate indicated mitigation action is to install the microcode updates providing mitigation for this vulnerability provided by Intel, or system firmware updates incorporating those microcode updates provided by your system vendor. Further information on how to deploy these microcode updates is available below.
The disabling of AVX should be seen as a fallback mitigation where it is not feasible to deploy these microcode or system firmware updates.
The following are not effective mitigations:
- A victim process cannot render itself immune to exploitation by refraining from use of AVX instructions, or all SIMD instructions. While the Downfall vulnerability targets code which makes use of 128-bit or wider data accesses, this includes the standard x86 XSAVE instruction which OS kernels use to save and restore process context. Therefore, even if an application recompiled itself to avoid any use of any SIMD instruction whatsoever, the contents of its registers would be exposed to an attacker whenever a context switch occurs.
It may be possible to provide mitigation by scheduling untrusted processes on separate physical cores to trusted processes, however we would not recommend trying to adopt this as a mitigation strategy, as it requires users to accurately classify trusted and untrusted processes, and to correctly configure process scheduling affinity. It would be hard for users to verify that this has been configured correctly, and there is substantial risk of misconfiguration.
Tracking mitigation deployment
An OS update may provide an indication of whether your hardware is vulnerable or not, and whether updated microcode providing mitigation for the vulnerability has been loaded. These OS updates may also provide the ability to disable AVX where such microcode updates are not loaded, but this generally needs to be explicitly requested and is not enabled by default. Note that a kernel update by itself will not load the updated microcode. Information on how to configure and verify operation for Linux-based operating systems is available here.
It is advisable to use these status reporting facilities, where available, to verify correct deployment of mitigations for this vulnerability.
It can be valuable to install these OS updates even on systems which are not affected in order to get this status reporting, as this can ease confirming whether a system is affected or not.
Obtaining microcode updates
To deploy the microcode updates for affected processors provided by Intel, there are two options:
-
Install a system firmware update which incorporates these microcode updates provided by your system vendor. These updates will automatically deploy the microcode update at boot time. This is the preferred option.
-
Alternatively, if a firmware update is not available from your system vendor, you can install the Intel microcode update yourself using the procedures specific to your OS. Note that microcode updates need to be applied on every boot.
Note also that it is generally advised to apply microcode updates as early as possible in the boot process.
You can confirm correct deployment of microcode using the mitigation status reporting mechanism provided by your (updated) OS, if your OS provides one, as discussed above.
Alternatively, you can verify the reported running microcode version numbers directly where your OS provides facilities to do so. Refer to the Intel bulletin for patched microcode version numbers.
Inception Attack against AMD CPUs
Although announced at the same time as the Downfall attack, this attack is a separate microarchitectural side-channel attack which is unrelated to Downfall and does not rely on AVX functionality.
This attack affects Zen 1, 2, 3 and 4.
What this attack enables
Similarly to the Downfall attack, successful exploitation of this vulnerability requires an attacker have local (though unprivileged) execution on an affected CPU. If an attacker is able to obtain local unprivileged execution on an affected system, you should assume they are able to obtain read access to any information stored in memory. For example, the attack can be used to obtain information stored in the kernel, or in other processes, or file contents cached in memory by the kernel.
It should be stressed that this attack is entirely dependent on an adversary being able to execute code on the same physical system as a victim process; therefore, systems which only execute code installed by trusted parties are not at risk. However, virtual machines (in the absence of the mitigations advised below) are not an effective protection.
Recommended mitigation
An OS update is always required (and always sufficient) to fully mitigate this vulnerability.
The immediate indicated mitigation action is to install the updates providing mitigation for this vulnerability provided by your OS vendor as soon as they become available.
Microcode updates
AMD has also released microcode updates for Zen 3 and 4. Installing these updates is not essential to effective mitigation of this vulnerability, as OS updates alone are capable of adequate mitigation. However, installing these updates may improve performance when mitigations for this vulnerability are enabled. In any case, installation of these updates is recommended.
These microcode updates are not needed for Zen 1 and 2.
Installing microcode updates alone does not provide adequate mitigation.
To reiterate, the indicated mitigation actions are as follows:
- Zen 1 and Zen 2: Install OS updates.
- Zen 3 and Zen 4: Install OS updates. If possible, deploy microcode updates (see below), though this is not required for full mitigation.
Tracking mitigation deployment
Once an OS update is installed, the update may be able to provide an indication of whether your hardware is vulnerable or not and, if so, whether mitigations are in place. Information on how to configure and verify operation for Linux-based operating systems is available here.
It is advisable to use these status reporting facilities, where available, to verify correct deployment of mitigations for this vulnerability.
For Linux, the “safe RET” and “IBPB” mitigation levels correspond to full mitigation of this vulnerability. All other mitigation levels provide only partial protection. The string “no microcode” will also appear in the status string if a microcode update is desirable but not present.
It can be valuable to install these OS updates even on systems which are not affected in order to get this status reporting, as this can ease confirming whether a system is affected or not.
Obtaining microcode updates for Zen 3 and 4
To deploy the microcode updates for Zen 3 and 4 provided by AMD, there are two options:
-
Install a system firmware update which incorporates these microcode updates provided by your system vendor. These updates will automatically deploy the microcode update at boot time. This is the preferred option.
-
Alternatively, if a firmware update is not available from your system vendor, you can install the AMD microcode update yourself using the procedures specific to your OS. Note that microcode updates need to be applied on every boot.
Note also that it is generally advised to apply microcode updates as early as possible in the boot process.
You can confirm correct deployment of microcode using the mitigation status reporting mechanism provided by your (updated) OS, if your OS provides one, as discussed above.
Alternatively, you can verify the reported running microcode version numbers directly where your OS provides facilities to do so. Refer to the AMD bulletin for patched microcode version numbers.