Analyzing Vector Register Usage in Linux Packages to Understand Real-World Impact of Downfall Attack

TL;DR

This paper investigates the real-world impact of the Downfall side-channel attack by analyzing vector register usage in over 133,000 Ubuntu packages, revealing widespread potential vulnerability.

Contribution

It provides the first large-scale empirical analysis of vector register usage in common applications to assess Downfall attack exposure.

Findings

Over 60% of binaries use vector registers.

Popular packages like apt may be vulnerable.

The analysis highlights widespread potential impact.

Abstract

Downfall is a side-channel attack that leaks values in vector registers from a process to another on the same CPU core. This attack enables an attacker to achieve serious outcomes (e.g., stealing AES keys), and there is no fundamental countermeasure besides applying microcode-based hardware patches. Although the impact of this attack is discussed by the original paper and by Intel to some extent, it is still unclear whether programs used in daily computing activities of normal users are affected by Downfall. This paper thoroughly analyzes the usage of vector registers in widely used applications to assess the impact of Downfall on them. In particular, we collect all packages (over 133~K) provided by the four latest long-term support versions of Ubuntu and measure various metrics on vector instructions. Our findings include that over 60% of all binary files contained in the packages use at least one vector register, and that some highly popular packages such as apt might also be affected by Downfall.