Downfall (security vulnerability)

Computer security vulnerability From Wikipedia, the free encyclopedia

Downfall, known as Gather Data Sampling (GDS) by Intel,[1] is a computer security vulnerability found in 6th through 11th generations of consumer and 1st through 4th generations of Xeon Intel x86-64 microprocessors.[2] It is a transient execution CPU vulnerability which relies on speculative execution of Advanced Vector Extensions (AVX) instructions to reveal the content of vector registers.[3][4]

Quick Facts CVE identifier(s), Affected hardware ...
Downfall
CVE identifier(s)CVE-2022-40982
Affected hardware6-11th gen Intel Core CPUs
Websitehttps://downfall.page/
Close

Vulnerability

Intel's Software Guard Extensions (SGX) security subsystem is also affected by this bug.[4]

The Downfall vulnerability was discovered by the security researcher Daniel Moghimi, who publicly released information about the vulnerability in August 2023, after a year-long embargo period.[5][6]

Intel promised microcode updates to resolve the vulnerability.[1] The microcode patches have been shown to significantly reduce the performance of some heavily-vectorized loads.[7]

Patches to mitigate the effects of the vulnerability have also been created as part of the forthcoming version 6.5 release of the Linux kernel.[8] They include code to disable the AVX extensions entirely on CPUs for which microcode mitigation is not available.[9]

Vendor responses

References

Loading related searches...

Wikiwand - on

Seamless Wikipedia browsing. On steroids.