Gather Data Sampling (GDS) is a vulnerability in software design or implementation that was identified by Moghimi. This flaw, also referred to as Downfall, allows for data inference from affected CPUs across various security boundaries such as user-kernel, processes, virtual machines, and trusted execution environments. Intel has acknowledged this vulnerability and provided extensive documentation, including a guide to Downfall mitigation.
Moghimi developed two attack techniques exploiting this vulnerability: Gather Data Sampling (GDS) and Gather Value Injection (GVI). The GDS technique exploits the Gather instruction, which is intended to expedite accessing scattered data in memory but inadvertently leaks the content of the internal vector register file during speculative execution. On the other hand, GVI combines GDS with the Load Value Injection (LVI) technique, previously disclosed in 2020, to manipulate microarchitectural data injections.
These vulnerabilities were detailed in the Downfall research paper, where Moghimi explains how he discovered the flaw and developed his exploit techniques. He stated, “I discovered that the Gather instruction...leaks the content of the internal vector register file during speculative execution. To exploit this vulnerability, I introduced Gather Data Sampling (GDS) and Gather Value Injection (GVI) techniques.” These discoveries highlight the need for robust hardware fixes to address these critical vulnerabilities effectively.
Description last updated: 2024-05-05T04:27:02.635Z