Intel and researchers from UT Austin, UIUC, and UW published papers today outlining the 'Hertzbleed' chip vulnerability that allows side-channel attacks that can steal secret AES cryptographic keys by observing the CPU's boost frequency/power mechanisms. According to external researchers, both Intel and AMD CPUs are impacted, but AMD hasn't issued an advisory yet. The vulnerability doesn't impact all cryptographic code, but some mitigation techniques for impacted systems come with as-yet-undefined performance penalties. Intel says it had found this vulnerability via internal security investigations, but external research teams later disclosed their findings to the company. Today's coordinated disclosure brings the issue into the public eye, but it is likely that CPUs from other vendors are also impacted.
Like all side-channel attacks, a Hertzbleed-based attack steals data by observing or exploiting a secondary effect of an operation on a system. In this case, by observing the power signature of any given cryptographic workload. As with most workloads, the power signature of a cryptographic workload varies due to the CPU's dynamic boost clock frequency adjustments during the workload. An attacker can convert that power information to timing data, allowing them to steal cryptographic keys. Cryptographic implementations that are already hardened against power side-channel attacks aren't susceptible to the Hertzbleed vulnerability.
The vulnerability impacts all Intel processors and AMD Zen 2 and Zen 3, but it isn't clear if it will impact the upcoming Zen 4 Ryzen 7000.
Hertzbleed can be exploited remotely — it doesn't require physical access. It has only been proven on Intel and AMD silicon. However, it should theoretically apply to almost all modern CPUs because it works by observing the power algorithms behind the Dynamic Voltage Frequency Scaling (DVFS) technique, a staple of modern processors. As such, this isn't a microarchitecture-specific attack — any processor with dynamic power and thermal management is potentially impacted. Intel says this has prompted it to share its findings with other chipmakers so they can assess any potential impact.
Intel says that it doesn't think this attack is practical outside of a lab environment, partially because it takes "hours to days" to steal a cryptographic key. Additionally, an exploit based on this attack would require sophisticated high-resolution power monitoring capabilities.
Intel's mitigation includes software fixes for any code that is susceptible to enabling a power side-channel attack — the company is not deploying firmware fixes. AMD is also not issuing a microcode patch. However, as you can see in the table above, some of the mitigation techniques do have a 'high' impact on performance. This varies by technique and whether or not it can be accomplished in hardware or software, or a combination of both.
In some cases, the attack can be thwarted by disabling Turbo Boost (Intel) or Precision Boost (AMD) entirely, but that has a tremendous performance impact. However, this doesn't protect against all attacks. We're working on getting a more precise definition of any performance impacts for the other techniques. Hertzbleed has been assigned the Intel-SA-00698 ID and CVE-2022-24436 ID for Intel, and CVE-2022-23823 for AMD.
We're boiling down the Hertzbleed vulnerability to the essence of how it works, there are many more details to be found in both the original papers and Intel's guidance on the matter — head here for a deeper description.
The Hertzbleed report comes amid a broader Intel release today that includes three security advisories that cover six vulnerabilities, all of which intel found through its own internal research. Intel has revamped its internal security investigation apparatus in the wake of the Spectre and Meltdown vulnerabilities, bolstering its efforts to find vulnerabilities in its own chips before the security weaknesses are discovered in the wild.
Today's advisory includes the MMIO Stale Data Advisory vulnerability that's listed as Intel-SA-00615. This vulnerability requires both firmware and operating system/hypervisor updates to fully rectify the hardware vulnerability. Intel has published a brief overview and a technical deep dive. Finally, the MMIO Undefined Access Advisory covers a hypervisor vulnerability (Intel-SA-00645). Intel has posted guidance for mitigating this vulnerability here.