Bug 2223949 (CVE-2022-40982, Downfall)

Summary: CVE-2022-40982 hw: Intel: Gather Data Sampling (GDS) side channel vulnerability
Product: [Other] Security Response Reporter: Rohit Keshri <rkeshri>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: acaringi, allarkin, bdm, bhu, broose, chwhite, dbohanno, ddepaula, debarbos, dfreiber, dimitris, dvlasenk, esyr, ezulian, henrik.henriksson, hkrzesin, hmatsumo, jarod, jburrell, jdenham, jfaracco, jferlan, jforbes, jlelli, joe.lawrence, jshortt, jstancek, jwyatt, kcarcia, kcook34, kernel-mgr, ldoskova, lgoncalv, lleshchi, llong, longman, lzampier, mvanderw, nmurray, ptalbert, qzhao, redhat, rogbas, rrobaina, rvrbovsk, rysulliv, scweaver, security-response-team, shobbs, swood, tallis.elliott, tglozar, tyberry, vkumar, walters, wcosta, williams, wmealing, ycote, ymankad
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A Gather Data Sampling (GDS) transient execution side-channel vulnerability was found affecting certain Intel processors. This issue may allow a local attacker using gather instruction (load from memory) to infer stale data from previously used vector registers on the same physical core.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2223992, 2223993, 2223994, 2223995, 2229727, 2229728, 2229729, 2229730, 2229731, 2229732, 2229733, 2229873, 2229874, 2229875, 2229876, 2229877, 2229878, 2229879, 2229880, 2229881, 2229882, 2229883, 2229884, 2229885, 2229886, 2229887, 2229888, 2229889, 2229890, 2229891, 2229892, 2229893, 2229894, 2230086    
Bug Blocks: 2224000    

Description Rohit Keshri 2023-07-19 11:35:32 UTC 
Gather Date Sampling (GDS) is a transient execution side channel vulnerability affecting certain Intel processor. In this flaw, a local attack using gather instruction (load from memory) may infer stale data from previously used vector registers on the same physical core.
Comment 2 Rohit Keshri 2023-07-19 12:44:16 UTC 
Intel Processors supporting Trust Domain Extension (Intel TDX) are not affected by GDS.
Comment 3 Rohit Keshri 2023-07-19 12:56:01 UTC 
* Gather feature is provided by Intel AVX2 and Intel AVX-512 (Intel Advanced extensions)
* It comprises of single-instruction, multiple data instruction, which fetch non-contiguous data element from memory using vector-index memory addressing.
* The scope of of stale data exposure is limited to dame physical processor core.
* Attacker cannot directly control or specify the source of the stale data, it is small and uncontrolled set of data.
* Since it is an uncontrolled set of stale data, data correlation and speculation could be difficult.
Comment 13 Rohit Keshri 2023-08-08 17:10:56 UTC 
Created microcode_ctl tracking bugs for this issue:

Affects: fedora-all [bug 2230086]