From 362853bd2d90eb22d9ff632e453aa582c640e921 Mon Sep 17 00:00:00 2001
From: nopenothinghere <nopenothinghere@proton.me>
Date: Wed, 9 Aug 2023 12:29:31 -0400
Subject: [PATCH] Detail new architectural CPU bug "Downfall" Attacks

---
 guide.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/guide.md b/guide.md
index 4dffe5b..b1e4a81 100644
--- a/guide.md
+++ b/guide.md
@@ -12412,6 +12412,7 @@ Model-specific registers (MSRs) and their configuration bits can also be detecte
 - [SQUIP](https://www.nextplatform.com/2022/08/11/squip-side-channel-attack-rattles-amds-zen-cores/) <sup>[[Archive.org]](https://web.archive.org/web/20220812082548/https://www.nextplatform.com/2022/08/11/squip-side-channel-attack-rattles-amds-zen-cores/)</sup> - Scheduler Queue Usage via Interface Probing. All of AMD's Zen CPUs are vulnerable to a medium-severity flaw which can allow threat actors to run side-channel attacks.
 - [Hertzbleed](https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html) <sup>[[Archive.org]](https://web.archive.org/web/20220712000058/https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html)</sup> - Deducing cryptographic keys by analyzing power consumption has long been an attack, but it’s not generally viable because measuring power consumption is often hard. This new attack measures power consumption by measuring time, making it easier to exploit.
 - [Retbleed](https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/) <sup>[[Archive.org]](https://web.archive.org/web/20220804151557/https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/)</sup> - Retbleed focuses on return instructions, which are part of the retpoline software mitigation against the speculative execution class of attacks that became known starting early 2018, with Spectre.
+- [Downfall](https://downfall.page/) <sup>[[Archive.org]](https://web.archive.org/web/20230809145002/https://downfall.page/)</sup> - Gather Data Sampling (GDS) and Gather Value Injection (GVI) techniques exploit the **gather** instruction to steal information from [SIMD register buffers](https://en.wikipedia.org/wiki/Single_instruction,_multiple_data) and victim processes.
     
 # Appendix B6: Warning for using Orbot on Android