Chips & Salsa Episode 19 - June 2022 Security Advisories - Hertzbleed

IPAS_Security
Employee

Hi everyone,

Today we released three advisories addressing 6 medium-severity CVEs. All these issues were found by Intel employees as part of our ongoing product security assurance investment. However, CVE-2022-24436 was subsequently found and reported to Intel by a group of academic researchers.

In today’s episode of Chips & Salsa, CRob and I got the opportunity to talk to Intel security researchers Chen Liu and Neer Roggel, who originally found CVE-2022-24436 (INTEL-SA-00698), about what they found and the guidance released by Intel today. In addition, we were lucky enough to get two of the academic researchers, Yingchen Wang (UT Austin) and Riccardo Paccagnella (UIUC), to sit down with us to talk about their findings, which they published in a paper titled “Hertzbleed: Turning Power Side-Channel Attacks into Remote Timing Attacks on x86”.

While this issue is interesting from a research perspective, we do not believe this attack to be practical outside of a lab environment. Also note that cryptographic implementations that are hardened against power side-channel attacks are not vulnerable to this issue. In addition, CVE-2022-24436 is not architecture-specific, and any modern CPU that has dynamic power and thermal management is potentially affected. Intel shared its findings with other silicon vendors so they could assess their potential impact.

To mitigate INTEL-SA-00698, Intel has released guidance for cryptographic implementations.

Intel has been asked if disabling turbo boost is a possible mitigation for Hertzbleed. The throttling side-channel is caused by throttling when system power/current hits a certain reactive limit, regardless of whether turbo boost is enabled or not. Please refer to Intel’s recommended software guidance for cryptographic implementations to address this issue.

Update 6/15/2022: Intel research paper has been published to arXiv: https://arxiv.org/abs/2206.07012

Regarding INTEL-SA-00615, Intel processors MMIO stale data advisory, customers need to know that in addition to the microcode update addressing this at the hardware level, they will also need to apply updates from their operating system and hypervisor vendors to complete the mitigation. We also published two papers associated with this issue. One is a brief overview and the other a technical deep dive. Please check with your systems manufacturer for firmware updates. You can find a list of OEM support sites here on intel.com.

Finally, guidance is also provided as mitigation for INTEL-SA-00645 which you can find here.

Regards,

Jerry Bryant
Sr. Director of Security Communications and Incident Response
Intel Product Assurance and Security

About the Author
Intel Product Assurance and Security (IPAS) is designed to serve as a security center of excellence – a sort of mission control – that looks across all of Intel. Beyond addressing the security issues of today, we are looking longer-term at the evolving threat landscape and continuously improving product security in the years ahead.