The Debian Project released today updated kernel and intel-microcode packages for all supported Debian GNU/Linux releases to address the recently disclosed “Downfall” vulnerability affecting Intel CPUs, as well as the “INCEPTION” hardware vulnerability affecting AMD Zen CPUs.
Discovered by Daniel Moghimi, “Downfall” (a.k.a. CVE-2022-40982) is a GDS (Gather Data Sampling) hardware vulnerability that allows unprivileged speculative access to data that was previously stored in vector registers.
Affecting both Debian GNU/Linux 11 “Bullseye” and Debian GNU/Linux 12 “Bookworm” systems, this vulnerability allows a user to access and steal data from other users on the same computer.
“For instance, a malicious app obtained from an app store could use the Downfall attack to steal sensitive information like passwords, encryption keys, and private data such as banking details, personal emails, and messages,” says Daniel Moghimi.
This flaw is now patched in the 5.10.179-5 kernel package of Debian GNU/Linux 11 “Bullseye” and 6.1.38-4 kernel package of Debian GNU/Linux 12 “Bookworm”. However, to fully mitigate the vulnerability, users will also have to install the intel-microcode 3.20230808.1~deb11u1 package.
The new intel-microcode security update also patches CVE-2022-41804, an unauthorized error injection in Intel SGX or Intel TDX for some Intel Xeon CPUs that may allow a local user to potentially escalate privileges, as well as CVE-2023-23908, a flaw that would lead to improper access control in some 3rd Gen Intel Xeon Scalable CPUs, which may result in an information leak.
On top of that, the new Debian Bullseye and Bookworm kernel security updates address CVE-2023-20569, a security flaw known as “INCEPTION” or Speculative Return Stack Overflow (SRSO), another hardware vulnerability that affects all AMD Zen CPUs.
Discovered by Daniel Trujillo, Johannes Wikner, and Kaveh Razavi, this flaw could allow an attacker to mis-train the CPU BTB to predict non-architectural CALL instructions in the kernel space. Then, the attacker could use this to control the speculative target of a subsequent kernel RET, which could lead to information disclosure via a speculative side-channel attacks.
To mitigate the “Downfall” and “INCEPTION” flaws, the Debian Project recommends all Debian Bullseye and Bookworm users to update their kernel and intel-microcode packages to the new versions available in the repositories as soon as possible.
To update your installations, run the sudo apt update && sudo apt full-upgrade command in a terminal emulator.