Jump to content

Downfall (security vulnerability)

Add links
From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by StormFuel (talk | contribs) at 14:43, 10 August 2023 (Added direct links to the various vendor responses and tried to clean up formatting in the external links section.). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
See also: Transient execution CPU vulnerability

Downfall is a computer security vulnerability found in recent generations of Intel x86-64 microprocessors. It is a side-channel attack which relies on speculative execution of AVX instructions to reveal the content of vector registers.[1][2] Intel's SGX security subsystem is also affected by this bug.[2]

The Downfall vulnerability was discovered by the security researcher Daniel Moghimi, who publicly released information about the vulnerability in August 2023, after a year-long embargo period.[3][4] Intel uses the name "Gather Data Sampling" to describe the vulnerability.[5]

Intel has promised a microcode update to resolve the vulnerability.[5] Patches to mitigate the effects of the vulnerability have also been created as part of the forthcoming version 6.5 release of the Linux kernel.[6]

Amazon Web Services have stated that they have put mitigations in place against the Downfall vulnerability.[7]

References

  1. ^ Newman, Lily Hay. "New 'Downfall' Flaw Exposes Valuable Data in Generations of Intel Chips". Wired. ISSN 1059-1028. Retrieved 2023-08-08.
  2. ^ a b Ilascu, Ionut (2023-08-08). "New Downfall attacks on Intel CPUs steal encryption keys, data". BleepingComputer. Retrieved 2023-08-08.
  3. ^ Wright, Rob (2023-08-08). "Google unveils 'Downfall' attacks, vulnerability in Intel chips". Security. Retrieved 2023-08-08.
  4. ^ Larabel, Michael (2023-08-08). "Intel DOWNFALL: New Vulnerability Affecting AVX2/AVX-512 With Big Performance Implications". www.phoronix.com. Retrieved 2023-08-08.
  5. ^ a b "Gather Data Sampling / CVE-2022-40982 / INTEL-SA-00828". Intel. Retrieved 2023-08-08.
  6. ^ Larabel, Michael (2023-08-08). "Linux 6.5 Patches Merged For Intel GDS/DOWNFALL, AMD INCEPTION". www.phoronix.com. Retrieved 2023-08-09.
  7. ^ "CVE-2022-40982 - Gather Data Sampling - Downfall". Amazon Web Services, Inc. Retrieved 2023-08-09.

Vendor Responses


Stub icon

This computing article is a stub. You can help Wikipedia by expanding it.

Stub icon

This computer security article is a stub. You can help Wikipedia by expanding it.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Downfall_(security_vulnerability)&oldid=1169670926"