Hertzbleed vulnerabiity in AMD and Intel CPUs could leak cryptographic keys
Intel says an attack probably wouldn't work outside a lab environment
Researchers have uncovered a side-channel vulnerability in AMD and Intel processors that could allow a remote attacker to steal cryptographic keys by observing the power signature while processing different cryptographic workloads.
Named Hertzbleed after the infamous Heartbleed OpenSSL glitch, the researchers from the universities of Texas, Illinois and Washington describe it as a new family of side-channel attacks referred to as frequency side channels.
"In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure," they say.
The vulnerability depends on a correlation between dynamic frequency scaling in the CPU and the data being processed, which can be tracked as processing time.
Dynamic frequency scaling is a feature of most modern processors, designed to efficiently regulate power consumption and temperature across a range of workloads.
All modern Intel processors are affected, while AMD says it impacts many Ryzen, Alton and EPYC models.
Arm processors also use frequency scaling, but it is not known which, if any, might be affected.
As this is a hardware vulnerability there is no easy fix, and disabling frequency scaling is likely to seriously affect performance, according to the researchers.
They state that it is unlikely that Intel or AMD will release microcode patches to mitigate Hertzbleed. However, both Intel and AMD provide guidance to mitigate Hertzbleed in software.
AMD, which tracks Hertzbleed as CVE-2022-23823 and classifies its risk as Medium, says, "As the vulnerability impacts a cryptographic algorithm having power analysis-based side-channel leakages, developers can apply countermeasures on the software code of the algorithm. Either masking, hiding or key-rotation may be used to mitigate the attack."
Intel, which tracks it as CVE-2022-24436, says that it would be difficult for an attacker to exploit the vulnerability.
"While this issue is interesting from a research perspective, we do not believe this attack to be practical outside of a lab environment," the company says in a security bulletin. "Also note that cryptographic implementations that are hardened against power side-channel attacks are not vulnerable to this issue."
However, the researchers insist the risk is genuine.
"Hertzbleed is a real, and practical, threat to the security of cryptographic software. We have demonstrated how a clever attacker can use a novel chosen-ciphertext attack against SIKE [Supersingular Isogeny Key Encapsulation] to perform full key extraction via remote timing, despite SIKE being implemented as 'constant time'."