Hertzbleed: Frequency Side Channel Attacks Affect All Intel Processors (CVE-2022-24436)

Hertzbleed is a new family of side-channel attacks that exploit frequency side channels and may allow information disclosure. The issue was discovered and detailed by a group of researchers from the University of Texas, the University of Washington, and the University of Illinois Urbana-Champaign.

More specifically, attackers may be able to steal cryptographic keys by observing variations in CPU frequency enabled by dynamic voltage and frequency scaling (DVFS). The vulnerability affects modern Intel and AMD x86 processors.

Hertzbleed: CVE-2022-24436 and CVE-2022-23823

CVE-2022-24436 in Intel processors has been described as an observable behavioral discrepancy in power management throttling for some Intel(R) Processors, which may allow an authenticated user to potentially enable information disclosure via network access.

CVE-2022-23823 is a potential vulnerability in some AMD processors which can be triggered by using frequency scaling. This could allow an authenticated attacker to execute a timing attack to potentially enable information disclosure.

According to the researchers, the number of affected processors is quite large. Intel’s security advisory states that Hertzbleed affects all Intel processors. “We experimentally confirmed that several Intel processors are affected, including desktop and laptop models from the 8th to the 11th generation Core microarchitecture,” the team stated.

Several of AMD’s desktop, mobile and server processors are affected. The researchers confirmed via experiments that AMD Ryzen processors are affected, including desktop and laptop models from the Zen 2 and Zen 3 microarchitectures.

“First, Hertzbleed shows that on modern x86 CPUs, power side-channel attacks can be turned into (even remote!) timing attacks—lifting the need for any power measurement interface. The cause is that, under certain circumstances, periodic CPU frequency adjustments depend on the current CPU power consumption, and these adjustments directly translate to execution time differences (as 1 hertz = 1 cycle per second).

Second, Hertzbleed shows that, even when implemented correctly as constant time, cryptographic code can still leak via remote timing analysis. The result is that current industry guidelines for how to write constant-time code (such as Intel’s one) are insufficient to guarantee constant-time execution on modern processors,” the researchers said.

The Hertzbleed paper will be presented at the 31st USENIX Security Symposium (Boston, 10–12 August 2022). Readers interested in more details can download the preprint.

Milena Dimitrova
