The Collide+Power security flaw could affect almost every CPU

Researchers from the Graz University of Technology in Austria and CISPA Helmholtz Center for Information Security in Germany have recently discovered a new security flaw named “Collide+Power,” which can not only affect almost every CPU but also allow threat actors to monitor CPU power consumption, potentially leading to the unauthorized leakage of sensitive information.

Dubbed CVE-2023-20583, the vulnerability involves studying power consumption patterns during the processing of both known data from the attacker and unknown data from the victim. Therefore, by examining the power usage, a threat actor can deduce the contents of the victim’s CPU cache memory, thus revealing encryption keys and short identifiers.

Additionally, the Collide+Power security flaw comes in two variants: MDS-Power and Meltdown-Power. When it comes to MDS-Power, it can steal data from another security domain co-located on a sibling hardware thread at a rate of 4.82 bits per hour, provided hyperthreading is active. However, at this pace, extracting a 4,096-bit RSA key from a cloud vendor would take a full month.

On the other hand, Meltdown-Power is even slower, leaking data at a rate of 0.136 bits per hour. And in real-world scenarios, the attack becomes even more sluggish due to memory prefetching, requiring an estimated 2.86 years to obtain a single bit from the kernel if fully deployed.

“However, this low-security risk might drastically change if new architectural or microarchitectural ways of prefetching victim data in co-location with attacker-controlled data are discovered,” said the researchers.

Patching the vulnerability

Although the security vulnerability might not seem viable for regular hackers, it has garnered widespread interest from companies like AMD, which has already confirmed that their EPYC server processors include a performance determinism mode that can mitigate the risk of data leakage. Similarly, Intel also cited the effectiveness of existing features and guidance for mitigating power side-channel attacks demonstrated in response to previous threats like PLATYPUS and Hertzbleed.