Downfall (security vulnerability)

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by The Anome at 09:38, 11 August 2023 (The microcode patches have been shown to significantly reduce the performance of some heavily-vectorized loads.<ref>{{Cite web |last=published |first=Zhiye Liu |date=2023-08-10 |title=Intel's Downfall Mitigations Drop Performance Up to 39%, Tests Show |url=https://www.tomshardware.com/news/intel-downfall-mitigation-performance-drop-linux |access-date=2023-08-11 |website=Tom's Hardware |language=en}}</ref>). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Downfall is a computer security vulnerability found in recent generations of Intel x86-64 microprocessors. It is a side-channel attack which relies on speculative execution of AVX instructions to reveal the content of vector registers.[1][2] Intel's SGX security subsystem is also affected by this bug.[2]

The Downfall vulnerability was discovered by the security researcher Daniel Moghimi, who publicly released information about the vulnerability in August 2023, after a year-long embargo period.[3][4] Intel uses the name "Gather Data Sampling" to describe the vulnerability.[5]

Intel has promised a microcode update to resolve the vulnerability.[5] The microcode patches have been shown to significantly reduce the performance of some heavily vectorized workloads.[6]

Patches to mitigate the effects of the vulnerability have also been created as part of the forthcoming version 6.5 release of the Linux kernel.[7]
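
As an added example (not part of the article and not the kernel project's own code): on Linux kernels that carry these patches, the mitigation state is reported as a single status line in sysfs, and the script below classifies it. The sysfs path and status strings are assumptions taken from the upstream kernel, the function names are hypothetical, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: classify the kernel's Gather Data Sampling (Downfall) status line.
# Assumption: kernels with the GDS patches expose the status at this sysfs path;
# older kernels have no such file.
GDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/gather_data_sampling

# Map a status line to one of: not-affected, mitigated, vulnerable, unknown.
gds_classify() {
    case "$1" in
        "Not affected")   echo not-affected ;;
        "Mitigation: "*)  echo mitigated ;;
        "Vulnerable"*)    echo vulnerable ;;
        *)                echo unknown ;;
    esac
}

# Read the status line from a file (default: the sysfs path);
# prints "unreported" when the file is absent.
gds_read() {
    f=${1:-$GDS_SYSFS}
    if [ -r "$f" ]; then
        head -n 1 "$f"
    else
        echo unreported
    fi
}

# Exit code for compliance checks: 0 = not exposed, 1 = exposed, 2 = cannot tell.
gds_check() {
    status=$(gds_read "$1")
    verdict=$(gds_classify "$status")
    echo "gather_data_sampling: $status -> $verdict"
    case "$verdict" in
        not-affected|mitigated) return 0 ;;
        vulnerable)             return 1 ;;
        *)                      return 2 ;;
    esac
}

# Constructed sample status lines, so the classifier can be exercised offline.
for s in "Not affected" "Vulnerable: No microcode" "Mitigation: Microcode" \
         "Unknown: Dependent on hypervisor status"; do
    printf '%-42s %s\n' "$s" "$(gds_classify "$s")"
done

gds_check || true   # report this host; a non-zero verdict does not abort the script
```

An "unknown" verdict covers both a guest whose status depends on the hypervisor and a kernel that predates the patches, so it should be followed up rather than treated as safe.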

Amazon Web Services have stated that they have put mitigations in place against the Downfall vulnerability.[8]

References

  1. ^ Newman, Lily Hay. "New 'Downfall' Flaw Exposes Valuable Data in Generations of Intel Chips". Wired. ISSN 1059-1028. Retrieved 2023-08-08.
  2. ^ a b Ilascu, Ionut (2023-08-08). "New Downfall attacks on Intel CPUs steal encryption keys, data". BleepingComputer. Retrieved 2023-08-08.
  3. ^ Wright, Rob (2023-08-08). "Google unveils 'Downfall' attacks, vulnerability in Intel chips". Security. Retrieved 2023-08-08.
  4. ^ Larabel, Michael (2023-08-08). "Intel DOWNFALL: New Vulnerability Affecting AVX2/AVX-512 With Big Performance Implications". www.phoronix.com. Retrieved 2023-08-08.
  5. ^ a b "Gather Data Sampling / CVE-2022-40982 / INTEL-SA-00828". Intel. Retrieved 2023-08-08.
  6. ^ Liu, Zhiye (2023-08-10). "Intel's Downfall Mitigations Drop Performance Up to 39%, Tests Show". Tom's Hardware. Retrieved 2023-08-11.
  7. ^ Larabel, Michael (2023-08-08). "Linux 6.5 Patches Merged For Intel GDS/DOWNFALL, AMD INCEPTION". www.phoronix.com. Retrieved 2023-08-09.
  8. ^ "CVE-2022-40982 - Gather Data Sampling - Downfall". Amazon Web Services, Inc. Retrieved 2023-08-09.

Vendor Responses