CVE identifier(s) | CVE- 2022-40982 |
---|---|
Affected hardware | 6-11th gen Intel Core CPUs |
Website | https://downfall.page/ |
Downfall, known as Gather Data Sampling (GDS) by Intel, [1] is a computer security vulnerability found in 6th through 11th generations of consumer and 1st through 4th generations of Xeon Intel x86-64 microprocessors. [2] It is a transient execution CPU vulnerability which relies on speculative execution of Advanced Vector Extensions (AVX) instructions to reveal the content of vector registers. [3] [4]
Intel's Software Guard Extensions (SGX) security subsystem is also affected by this bug. [4]
The Downfall vulnerability was discovered by the security researcher Daniel Moghimi, who publicly released information about the vulnerability in August 2023, after a year-long embargo period. [5] [6]
Intel promised microcode updates to resolve the vulnerability. [1] The microcode patches have been shown to significantly reduce the performance of some heavily- vectorized loads. [7]
Patches to mitigate the effects of the vulnerability have also been created as part of the forthcoming version 6.5 release of the Linux kernel. [8] They include code to disable the AVX extensions entirely on CPUs for which microcode mitigation is not available. [9]
CVE identifier(s) | CVE- 2022-40982 |
---|---|
Affected hardware | 6-11th gen Intel Core CPUs |
Website | https://downfall.page/ |
Downfall, known as Gather Data Sampling (GDS) by Intel, [1] is a computer security vulnerability found in 6th through 11th generations of consumer and 1st through 4th generations of Xeon Intel x86-64 microprocessors. [2] It is a transient execution CPU vulnerability which relies on speculative execution of Advanced Vector Extensions (AVX) instructions to reveal the content of vector registers. [3] [4]
Intel's Software Guard Extensions (SGX) security subsystem is also affected by this bug. [4]
The Downfall vulnerability was discovered by the security researcher Daniel Moghimi, who publicly released information about the vulnerability in August 2023, after a year-long embargo period. [5] [6]
Intel promised microcode updates to resolve the vulnerability. [1] The microcode patches have been shown to significantly reduce the performance of some heavily- vectorized loads. [7]
Patches to mitigate the effects of the vulnerability have also been created as part of the forthcoming version 6.5 release of the Linux kernel. [8] They include code to disable the AVX extensions entirely on CPUs for which microcode mitigation is not available. [9]