After vulnerabilities like Spectre and Meltdown were discovered in 2018, Intel processors have more vulnerabilities with the Downfall attacks that target the Gather instruction part of AVX2/AVX-512 and impact 6th generation Skylake up to 11th generation Tiger Lake processors introduced as far back as 2014.
It does not affect more recent processors, and as somebody who has just purchased a laptop based on a 13th Raptor Lake processor, I guess I can breathe a sigh of relief until the next vulnerability is discovered, but people using hardware with older Intel processors will have to update the OS and suffer from a performance impact, at least for tasks leveraging AVX2 or AVX-512.
The website about the Downfall vulnerability explains:
Downfall attacks targets a critical weakness found in billions of modern processors used in personal and cloud computers. This vulnerability, identified as CVE-2022-40982, enables a user to access and steal data from other users who share the same computer. For instance, a malicious app obtained from an app store could use the Downfall attack to steal sensitive information like passwords, encryption keys, and private data such as banking details, personal emails, and messages. Similarly, in cloud computing environments, a malicious customer could exploit the Downfall vulnerability to steal data and credentials from other customers who share the same cloud computer.
The vulnerability is caused by memory optimization features in Intel processors that unintentionally reveal internal hardware registers to software. This allows untrusted software to access data stored by other programs, which should not be normally be accessible. I discovered that the Gather instruction, meant to speed up accessing scattered data in memory, leaks the content of the internal vector register file during speculative execution. To exploit this vulnerability, I introduced Gather Data Sampling (GDS) and Gather Value Injection (GVI) techniques.
Intel Processor Advisory INTEL-SA-00828 rates it as medium severity and describes it as:
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
The company also issued a statement to various news sources about the vulnerability which was discovered in :
The security researcher, working within the controlled conditions of a research environment, demonstrated the GDS issue which relies on software using Gather instructions. While this attack would be very complex to pull off outside of such controlled conditions, affected platforms have an available mitigation via a microcode update. Recent Intel processors, including Alder Lake, Raptor Lake and Sapphire Rapids, are not affected. Many customers, after reviewing Intel’s risk assessment guidance, may determine to disable the mitigation via switches made available through Windows and Linux operating systems as well as VMMs. In public cloud environments, customers should check with their provider on the feasibility of these switches
The Linux 6.5 kernel has a patch to “Mitigate Gather Data Sampling issue” and Intel has released a microcode update for the Downfall vulnerability also known as “Gather Data Sampling” (GDS). Note this was reported in August 2022 (yes, that’s one year ago) and it took a long while before the issue was “fixed”. While Intel says the mitigation may be disabled, considering the performance impact of up to 50% allegedly communicated to partners, the downfall website says it might not be such a good idea:
This is a bad idea. Even if your workload does not use vector instructions, modern CPUs rely on vector registers to optimize common operations, such as copying memory and switching register content, which leaks data to untrusted code exploiting Gather.
AVX-512 and AVX2 SIMD instructions are often used for multimedia (audio/video) decoding and encoding, so I’d expect many people to be impacted, and applying any mitigations for your preferred OS should be an important thing to do even if it impacts performance to some extent. I understand the 50% performance hit is a worse-case scenario, so we’d have to see how it pans out for typical workloads that leverage the GATHER instruction.
Jean-Luc started CNX Software in 2010 as a part-time endeavor, before quitting his job as a software engineering manager, and starting to write daily news, and reviews full time later in 2011.