Wikipedia

Downfall (security vulnerability)

Downfall, known as Gather Data Sampling (GDS) by Intel,[1] is a computer security vulnerability found in 6th through 11th generations of consumer and 1st through 4th generations of Xeon Intel x86-64 microprocessors.[2] It is a transient execution CPU vulnerability which relies on speculative execution of Advanced Vector Extensions (AVX) instructions to reveal the content of vector registers.[3][4]

Downfall
CVE identifier(s): CVE-2022-40982
Affected hardware: 6-11th gen Intel Core CPUs
Website: https://downfall.page/

Vulnerability

Intel's Software Guard Extensions (SGX) security subsystem is also affected by this bug.[4]

The Downfall vulnerability was discovered by the security researcher Daniel Moghimi, who publicly released information about the vulnerability in August 2023, after a year-long embargo period.[5][6]

Intel promised microcode updates to resolve the vulnerability.[1] The microcode patches have been shown to significantly reduce the performance of some heavily-vectorized loads.[7]

Patches to mitigate the effects of the vulnerability have also been created as part of the forthcoming version 6.5 release of the Linux kernel.[8] They include code to disable the AVX extensions entirely on CPUs for which microcode mitigation is not available.[9]
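As an added illustration (not taken from the cited sources or from the kernel project's own tooling), the following shell script interprets the status string that kernels carrying these patches expose at `/sys/devices/system/cpu/vulnerabilities/gather_data_sampling`, and cross-checks it against the AVX flags in `/proc/cpuinfo`. The function names are hypothetical, and the status strings are assumed to be those reported by Linux 6.5.

```shell
#!/bin/sh
# Added example (not from the article): interpret the Linux kernel's
# Gather Data Sampling status. Assumes a kernel with the GDS patches (6.5+).
GDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/gather_data_sampling

# Map a status string to a verdict: ok | avx-off | exposed | unknown.
gds_classify() {
    case "$1" in
        "Not affected"|"Mitigation: Microcode"*) echo ok ;;
        "Mitigation: AVX disabled"*)             echo avx-off ;;
        "Vulnerable"*)                           echo exposed ;;
        *)                                       echo unknown ;;
    esac
}

# Succeed if a /proc/cpuinfo flags line still advertises AVX.
gds_has_avx() {
    case " $1 " in
        *" avx "*|*" avx2 "*|*" avx512f "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Combine both signals into one finding for a status string and flags line.
gds_finding() {
    verdict=$(gds_classify "$1")
    if [ "$verdict" = avx-off ] && gds_has_avx "$2"; then
        echo "inconsistent: AVX reported disabled but still advertised"
    elif [ "$verdict" = exposed ] && gds_has_avx "$2"; then
        echo "exposed: AVX usable without GDS mitigation"
    else
        echo "$verdict"
    fi
}

# Report for the local machine; falls back cleanly when sysfs has no entry.
gds_report() {
    if [ -r "$GDS_SYSFS" ]; then
        status=$(cat "$GDS_SYSFS")
    else
        status="no sysfs entry"
    fi
    flags=$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null | cut -d: -f2) || flags=""
    echo "status:  $status"
    echo "finding: $(gds_finding "$status" "$flags")"
}

gds_report
```

A verdict of `avx-off` corresponds to the case described above, where the kernel disables AVX because no microcode mitigation is available; `unknown` covers kernels that predate the patches and guests whose status depends on the hypervisor.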

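Vendor responses

  • Amazon Web Services (AWS)[10]
  • Citrix[11]
  • Dell[12]
  • Debian[13]
  • Google Cloud Platform (GCP)[14]
  • HP Inc.[15]
  • Intel[16]
  • Lenovo[17]
  • Microsoft[18]
  • Qubes OS[19]
  • Red Hat[20]
  • Supermicro[21]
  • Ubuntu[22]
  • VMware[23]
  • Xen[24]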

References

  1. ^ a b "Gather Data Sampling / CVE-2022-40982 / INTEL-SA-00828". Intel. Retrieved 2023-08-08.
  2. ^ "Affected Processors: Transient Execution Attacks & Related Security..." Intel. Retrieved 2023-08-16.
  3. ^ Newman, Lily Hay. "New 'Downfall' Flaw Exposes Valuable Data in Generations of Intel Chips". Wired. ISSN 1059-1028. Retrieved 2023-08-08.
  4. ^ a b Ilascu, Ionut (2023-08-08). "New Downfall attacks on Intel CPUs steal encryption keys, data". BleepingComputer. Retrieved 2023-08-08.
  5. ^ Wright, Rob (2023-08-08). "Google unveils 'Downfall' attacks, vulnerability in Intel chips". Security. Retrieved 2023-08-08.
  6. ^ Larabel, Michael (2023-08-08). "Intel DOWNFALL: New Vulnerability Affecting AVX2/AVX-512 With Big Performance Implications". www.phoronix.com. Retrieved 2023-08-08.
  7. ^ Liu, Zhiye (2023-08-10). "Intel's Downfall Mitigations Drop Performance Up to 39%, Tests Show". Tom's Hardware. Retrieved 2023-08-11.
  8. ^ Larabel, Michael (2023-08-08). "Linux 6.5 Patches Merged For Intel GDS/DOWNFALL, AMD INCEPTION". www.phoronix.com. Retrieved 2023-08-09.
  9. ^ Corbet, Jonathan (August 8, 2023). "Another round of speculative-execution vulnerabilities". lwn.net. Retrieved 2023-08-11.
  10. ^ "CVE-2022-40982 - Gather Data Sampling - Downfall". Amazon Web Services, Inc. 2023-08-08.
  11. ^ "Citrix Hypervisor Security Bulletin for CVE-2023-20569, CVE-2023-34319 and CVE-2022-40982". support.citrix.com.
  12. ^ "DSA-2023-180: Security Update for Intel Product Update 2023.3 Advisories | Dell US". www.dell.com.
  13. ^ "CVE-2022-40982". security-tracker.debian.org.
  14. ^ "Security Bulletins | Customer Care". Google Cloud.
  15. ^ "Intel 2023.3 IPU – BIOS August 2023 Security Updates | HP® Customer Support".
  16. ^ "INTEL-SA-00828". Intel. 2023-08-08.
  17. ^ "Multi-vendor BIOS Security Vulnerabilities (August 2023) - Lenovo Support US". support.lenovo.com.
  18. ^ "KB5029778: How to manage the vulnerability associated with CVE-2022-40982 - Microsoft Support". support.microsoft.com. Retrieved 2023-09-06.
  19. ^ "QSB-093: Transient execution vulnerabilities in AMD and Intel CPUs (CVE-2023-20569/XSA-434, CVE-2022-40982/XSA-435)". Qubes OS Forum. August 9, 2023.
  20. ^ "cve-details". access.redhat.com.
  21. ^ "Intel Platform Update (IPU) Update 2023.3, August 2023 | Supermicro". www.supermicro.com.
  22. ^ "CVE-2022-40982". Ubuntu.
  23. ^ https://blogs.vmware.com/security/2023/08/cve-2022-40982.html
  24. ^ "oss-sec: Xen Security Advisory 435 v1 (CVE-2022-40982) - x86/Intel: Gather Data Sampling". seclists.org.

External links

  • Downfall Attacks Developer Page
  • MITRE CVE-2022-40982 page
