Security
Determine security ramifications to protect personal data and information
111 Discussions

Chips & Salsa Episodes 56 and 57: Gather Data Sampling, Downfall and August 2023 Advisories

IPAS_Security
Employee
0 0 4,700

Hi everyone,

Today we released 46 advisories addressing 80 vulnerabilities with CVSS Scores ranging from 3.2 (Low) to 8.8 (High).  47.5% were internally found by Intel folks and our Bug bounty program discovered another 50%, bringing the total of our security investments in people and programs discovering 97.5% of all the vulns reported this month. Included in the bundle this month are Firmware & Processor updates, four product discontinuation notices, and the vast majority of the remaining advisories are software updates so we encourage customers to go to the Intel security center to find out more.

Today we are taking the opportunity to highlight INTEL-SA-00828, Intel® Processor Advisory. We were excited to have the opportunity to record Chips & Salsa episode 56 with Daniel Moghimi, the researcher who discovered this issue. Additionally, in episode 57, we talk to Vivek Tiwari, Vice President of Remediation and Response Engineering here at Intel, who provides insights on this issue for customers based on Intel’s expert analysis.

INTEL-SA-00828 provides a mitigation for a transient execution side channel issue discovered by Daniel who coordinated today’s disclosure with Intel. Daniel refers to this issue as “Downfall,” but here at Intel we prefer to use the more descriptive “Gather Data Sampling” (GDS) title. It is important to note up front that Intel’s latest platforms, including Alder Lake, Raptor Lake, and Sapphire Rapids, are not affected by this issue. These platforms have defense-in-depth features we designed into the architecture that block the issue. Also, as Vivek explains in episode 57, we believe trying to exploit this outside of a controlled lab environment would be a complex undertaking. Mainly, this type of transient execution issue only provides a small window for a potential attacker to infer data which they cannot specially target to begin with.

Customers may be concerned about potential performance issues with this mitigation which will be on by default after the microcode update is installed. Note that operating systems and hypervisors will have the ability to disable the mitigation for customers who determine the issue is not a threat to their environments (see Intel’s threat analysis paper for more details). In our performance analysis, we do not see any significant impact to most workloads. There is potential impact where Gather instructions are in what is called the “hot path,” which basically means they are frequently executed, such as in high performance compute (HPC) environments. HPC may not consider this issue to be a threat due to the requirements for an attack to be successful and how those environments are generally configured and managed. For example, an attacker would need to be running on the same physical core as the target and be able to run untrusted code, among other things, which are not typical in these environments.

To help customers understand this issue in detail so they can make an accurate threat assessment, we are providing the following technical documents:

Gather Data Sampling technical paper:

https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/gather-data-sampling.html

Gather Data Sampling Threat Analysis paper: 

https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/threat-analysis-gds.html

Gather Data Sampling Performance Analysis -

https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/resources/gds-mitigation-performance-analysis.html

 

Now that we have set the context, let’s get to the interviews! As mentioned, in episode 56 we talk to Daniel Moghimi about what inspired this research and what’s next for him as he has since moved out of academia to be a senior research scientist at Google: https://youtu.be/PjbJs2yZNKk

CSe56-Daniel-GDS-Downfall.png

After receiving the report from Daniel and as is always the case with reports like this, we have had many Intel technical experts analyze the issue including CPU architects and our own offensive security researchers. In episode 57, Intel’s Vivek Tiwari provides a summary of our investigation, resulting mitigation, and insights for customers to consider: https://youtu.be/-OIoK_flNvs

CSe57-Intel Guidance GDS-Downfall.png

 

That’s it for patch Tuesday August 2023!

Regards,

Jerry Bryant
Sr. Director, Incident Response & Security Communications
Intel Product Assurance and Security

About the Author
Intel Product Assurance and Security (IPAS) is designed to serve as a security center of excellence – a sort of mission control – that looks across all of Intel. Beyond addressing the security issues of today, we are looking longer-term at the evolving threat landscape and continuously improving product security in the years ahead.