From Tom's Hardware: A new security vulnerability, called Downfall, was revealed today by Intel and the researcher who discovered it, Daniel Moghimi. The new attack uses Gather Data Sampling to steal data and other sensitive information from other users on a computer with Intel processors from 2015 through 2019 ranging from sixth gen Skylake through eleventh gen Rocket Lake and Tiger Lake.
Intel has posted about the vulnerability in a security advisory, INTEL-SA-00828, and has reserved CVE-2022-40982.
Moghami, a senior research scientist at Google (and formerly of the University of California San Diego posted details on downfall.page.
"The vulnerability is caused by memory optimization features in Intel processors that unintentionally reveal internal hardware registers to software," Moghami wrote. "This allows untrusted software to access data stored by other programs, which should not be normally be accessible. I discovered that the Gather instruction, meant to speed up accessing scattered data in memory, leaks the content of the internal vector register file during speculative execution."
View: Full Article
