x86/speculation: Add Gather Data Sampling (GDS) mitigation (CVE-2022-40982)

Waiman Long requested to merge llong1/centos-stream-9:bz2229875_gds into main

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2229875
CVE: CVE-2022-40982
MR: !2904 (merged)

Gather Data Sampling (GDS, aka Downfall) is a transient execution side channel vulnerability affecting certain Intel processors. In some situations when a gather instruction performs certain loads from memory, it may be possible for a malicious attacker to use this type of instruction to infer stale data from previously used vector registers. These entries may correspond to registers previously used by the same thread, or by the sibling thread on the same processor core.

Similar to data sampling transient execution attacks like Microarchitectural Data Sampling (MDS), GDS may allow a malicious actor who can locally execute code on a system to infer the values of secret data which is otherwise protected by architectural mechanisms. GDS differs from the MDS vulnerabilities in both the method of exposure (which is limited to the set of gather instructions), and in the data exposed (stale vector register data only). Neither MDS nor GDS, by themselves, provide malicious actors the ability to choose which data is inferred using these methods.

GDS is assigned CVE-2022-40982, CVSS Base Score 6.5 Medium, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N.

A microcode update is enough to mitigate GDS. This MR contains kernel patches that show the status of GDS mitigation and provide the ability to disable the mitigation to avoid performance impact or to force disable AVX to mitigate the risk in case the right microcode isn't available yet.

Signed-off-by: Waiman Long <longman@redhat.com>
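
One way to audit the mitigation status these patches report, as an added example that is not part of the merge request. The sysfs path, status strings and the `gather_data_sampling=` / `mitigations=off` boot parameters come from the upstream kernel documentation and are assumed to match this backport; the verdict labels are invented for illustration.

```shell
#!/bin/sh
# Added example: audit GDS (CVE-2022-40982) mitigation state on a Linux host.
# Path and status strings follow upstream kernel docs (assumed for this backport).
GDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/gather_data_sampling

# gds_classify STATUS CMDLINE -> prints "<verdict>: <reason>"
# STATUS is the sysfs file content (empty if the file is missing);
# CMDLINE is the kernel command line, used to tell a deliberate opt-out
# from an unexpected unmitigated state.
gds_classify() {
    status=$1
    cmdline=" $2 "
    case $status in
        "")
            echo "UNKNOWN: kernel does not report GDS status (patches missing?)" ;;
        "Not affected")
            echo "OK: CPU not affected" ;;
        "Mitigation: Microcode (locked)")
            echo "OK: microcode mitigation enabled and locked" ;;
        "Mitigation: Microcode")
            echo "OK: microcode mitigation enabled" ;;
        "Mitigation: AVX disabled, no microcode")
            echo "OK: AVX force-disabled as fallback; install updated microcode" ;;
        "Vulnerable: No microcode")
            echo "ACTION: update microcode, or boot with gather_data_sampling=force" ;;
        "Vulnerable")
            case $cmdline in
                *" gather_data_sampling=off "*|*" mitigations=off "*)
                    echo "RISK-ACCEPTED: mitigation disabled on kernel command line" ;;
                *)
                    echo "ACTION: unmitigated with no opt-out parameter; investigate" ;;
            esac ;;
        "Unknown: Dependent on hypervisor status")
            echo "UNKNOWN: guest cannot tell; check the hypervisor host" ;;
        *)
            echo "UNKNOWN: unrecognized status '$status'" ;;
    esac
}

# gds_audit: classify the running host from sysfs and /proc/cmdline.
gds_audit() {
    status=""
    if [ -r "$GDS_SYSFS" ]; then status=$(cat "$GDS_SYSFS"); fi
    gds_classify "$status" "$(cat /proc/cmdline 2>/dev/null)"
}
```

Source the file and run `gds_audit` on each host; the leading verdict word is meant to be grepped in fleet-wide output.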

Edited by Waiman Long