Downfall, known as Gather Data Sampling (GDS) by Intel, is a computer security vulnerability found in 6th through 11th generations of consumer and 1st through 4th generations of Xeon Intel x86-64 microprocessors. It is a transient execution CPU vulnerability which relies on speculative execution of Advanced Vector Extensions (AVX) instructions to reveal the content of vector registers.
Vulnerability
Intel's Software Guard Extensions (SGX) security subsystem is also affected by this bug.
The Downfall vulnerability was discovered by the security researcher Daniel Moghimi, who publicly released information about the vulnerability in August 2023, after a year-long embargo period. Intel promised microcode updates to resolve the vulnerability. The microcode patches have been shown to significantly reduce the performance of some heavily-vectorized loads.
Patches to mitigate the effects of the vulnerability have also been created as part of the forthcoming version 6.5 release of the Linux kernel. They include code to disable the AVX extensions entirely on CPUs for which microcode mitigation is not available.
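As an added example (not code from this page or from the Linux project), the shell script below reads the GDS status that patched Linux kernels report under sysfs and turns it into a verdict, and it checks that AVX has really disappeared from /proc/cpuinfo when the kernel says it disabled AVX. The sysfs path and status strings come from the kernel's hardware-vulnerability reporting interface rather than from this page; the function names and verdict wording are this example's own.

```shell
#!/bin/sh
# Added example: report the Linux kernel's GDS (Downfall) mitigation state.
# Path and status strings follow the kernel's hw-vuln sysfs interface.
GDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/gather_data_sampling

# Map a kernel status string to a short verdict (wording is this example's).
classify_gds() {
    case "$1" in
        "Not affected")              echo "ok: CPU not affected" ;;
        "Mitigation: Microcode"*)    echo "ok: microcode mitigation active" ;;
        "Mitigation: AVX disabled"*) echo "ok: AVX disabled, microcode fix not loaded" ;;
        "Vulnerable: No microcode")  echo "action: microcode update missing" ;;
        "Vulnerable"*)               echo "action: mitigation switched off" ;;
        "Unknown"*)                  echo "check-host: guest cannot see host state" ;;
        "")                          echo "unknown: kernel does not report GDS" ;;
        *)                           echo "unknown: unrecognised status" ;;
    esac
}

# Print the status file's content, or nothing if the kernel predates the patches.
read_gds_status() {
    f=${1:-$GDS_SYSFS}
    if [ -r "$f" ]; then cat "$f"; fi
}

# Succeed if the CPU flags in a cpuinfo-style file still advertise AVX.
cpuinfo_has_avx() {
    grep '^flags' "${1:-/proc/cpuinfo}" 2>/dev/null | grep -qw avx
}

# Verdict plus a sanity check: "AVX disabled" must agree with the CPU flags.
# $1 = status file (default sysfs), $2 = cpuinfo file (default /proc/cpuinfo)
gds_check() {
    status=$(read_gds_status "$1")
    verdict=$(classify_gds "$status")
    case "$status" in
        "Mitigation: AVX disabled"*)
            if cpuinfo_has_avx "$2"; then
                verdict="inconsistent: AVX still advertised"
            fi ;;
    esac
    echo "$verdict"
}

gds_check
```

Inside a virtual machine the kernel may report an "Unknown" status, in which case the check has to be run on the hypervisor host.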
External links
Downfall Attacks Developer Page
MITRE CVE-2022-40982 page