Intel Downfall, AKA GDS: Gather Data Sampling Vulnerability

Happy Patch Tuesday, Here’s A New Vulnerability

You know the drill, a new vulnerability has been discovered but applying the patch will result in noticeably slower performance.  The vulnerability specifically applies to Intel chips from Skylake through to Tigerlake and Ice Lake with with AVX2 and AVX-512.  Raptor Lake is safe, and Alder Lake had it’s AVX-512 support forcibly removed; AMD’s Zen 4 is not listed either though it has it’s own issues as we saw yesterday.  On the Xeon side, Ice Lake chips are indeed vulnerable however Sapphire Rapids chips are safe from Downfall.

There are two ways to make use of Downfall, the first being the usual malware infection to give access to the machine to exploit the vulnerability.  The second is a little more terrifying, Downfall enables a user to access and steal data from other users who share the same computer and popular CPUs running cloud based systems are vulnerable.  In theory this means a nefarious user on a shared cloud computer might be able to access data from other users on that machine.

The proof of concept works on Windows and Linux, however Intel feels Downfall would be challenging to take advantage of in the wild.  That is likely true, as these types of vulnerabilities are traditionally difficult to leverage.  As the patch will cut the performance of AVX GATHER instructions in half let us hope they are correct!