Red Hat response to Hertzbleed (CVE-2022-24436, CVE-2022-23823) vulnerability

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux
  • AMD and Intel CPUs

Issue

Hertzbleed is a frequency side-channel attack that exploits the fact that the dynamic frequency scaling of modern x86 processors depends on the data being processed. In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers.

This issue affects AMD (CVE-2022-23823) and Intel (CVE-2022-24436) processors.

Resolution

This vulnerability is intrinsic to processors and there are no Operating System / Microcode mitigations or fixes for this vulnerability.

Root Cause

Modern CPUs support Dynamic Voltage and Frequency Scaling (DVFS). DVFS is the adjustment of power and speed settings on a computing device's various processors, controller chips, and peripheral devices to optimize resource allotment for tasks and maximize power saving when those resources are not needed.

Under certain circumstances, DVFS-induced variations in CPU frequency depend on the current power consumption (and hence, data) at the granularity of milliseconds. Hertzbleed takes advantage of this CPU feature to allow a potentially remote attacker to mount a side-channel attack on a cryptographic implementation. In the worst case, this attack could allow the extraction of private cryptographic keys from remote servers.

Cryptographic implementations may be vulnerable to this form of attack when ALL of the following conditions are met:

  • The attacker is able to repeatedly initiate cryptographic operations with the same secret key to collect enough data.
  • For block ciphers, the attacker is able to read input/output or inter-round state of the block cipher primitives.
  • The attacker is able to sample CPU frequency while the victim workload is running, or else observe the execution time of the victim workload with sufficient resolution to identify data-dependent differences in the measured information.

Based on the above requirements for carrying out a successful attack, Red Hat Product Security believes that the attack is not practical in real-life IT deployment configurations.
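
To check whether a given host matches this advisory's environment (an AMD or Intel CPU) and whether the frequency scaling described above is active in its cpufreq policy, the shell functions below read the CPU vendor from /proc/cpuinfo and the policy limits from sysfs. This is an added example, not Red Hat tooling; the function names and the optional root-directory argument are assumptions of the example, and the output is a configuration inventory only.

```shell
#!/bin/sh
# Added example (not Red Hat tooling): report CPU vendor and cpufreq policy.
# The optional ROOT argument is an assumption of this example; it lets the
# functions read a constructed /proc and /sys tree instead of the live host.

cpu_vendor() {                      # prints: intel | amd | other
    root=${1:-}
    v=$(awk -F': *' '/^vendor_id/ {print $2; exit}' "$root/proc/cpuinfo" 2>/dev/null) || v=
    case "$v" in
        GenuineIntel) echo intel ;;
        AuthenticAMD) echo amd ;;
        *)            echo other ;;
    esac
}

dvfs_state() {                      # prints: none | pinned | variable
    root=${1:-}
    d="$root/sys/devices/system/cpu/cpu0/cpufreq"
    # No cpufreq directory: frequency control is not exposed to this OS instance.
    [ -r "$d/scaling_min_freq" ] && [ -r "$d/scaling_max_freq" ] || { echo none; return 0; }
    min=$(cat "$d/scaling_min_freq"); max=$(cat "$d/scaling_max_freq")
    # Equal limits mean the policy allows a single frequency; otherwise the
    # governor may move the clock between min and max while workloads run.
    if [ "$min" -lt "$max" ]; then echo variable; else echo pinned; fi
}

hertzbleed_scope() {                # one summary line per host
    root=${1:-}
    vendor=$(cpu_vendor "$root"); state=$(dvfs_state "$root")
    d="$root/sys/devices/system/cpu/cpu0/cpufreq"
    drv=$(cat "$d/scaling_driver" 2>/dev/null) || drv=unknown
    gov=$(cat "$d/scaling_governor" 2>/dev/null) || gov=unknown
    case "$vendor" in               # CVE per vendor, as listed in this advisory
        intel) cve=CVE-2022-24436 ;;
        amd)   cve=CVE-2022-23823 ;;
        *)     cve=none ;;
    esac
    # Configuration inventory only: the advisory states there is no OS or
    # microcode fix, so none of these values indicates a mitigation.
    echo "vendor=$vendor cve=$cve dvfs=$state driver=$drv governor=$gov"
}

hertzbleed_scope "${1:-}"           # live host when run without an argument
```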

Diagnostic Steps

Intel has provided guidance to developers of cryptographic software to harden their libraries and applications against Hertzbleed.

For more information please read:
