Analyzing Vector Register Usage in Linux Packages to Understand Real-World Impact of Downfall Attack
For normal users and system administrators, this study clarifies the practical risk of Downfall in everyday software, showing widespread but not universal vulnerability.
The paper analyzes vector register usage in over 133K Linux packages from Ubuntu LTS versions to assess real-world impact of the Downfall side-channel attack, finding that over 60% of binary files use vector registers and popular packages like apt may be affected.
Downfall is a side-channel attack that leaks values in vector registers from a process to another on the same CPU core. This attack enables an attacker to achieve serious outcomes (e.g., stealing AES keys), and there is no fundamental countermeasure besides applying microcode-based hardware patches. Although the impact of this attack is discussed by the original paper and by Intel to some extent, it is still unclear whether programs used in daily computing activities of normal users are affected by Downfall. This paper thoroughly analyzes the usage of vector registers in widely used applications to assess the impact of Downfall on them. In particular, we collect all packages (over 133~K) provided by the four latest long-term support versions of Ubuntu and measure various metrics on vector instructions. Our findings include that over 60% of all binary files contained in the packages use at least one vector register, and that some highly popular packages such as apt might also be affected by Downfall.