Analyzing Vector Register Usage in Linux Packages to Understand Real-World Impact of Downfall Attack

Downfall is a side-channel attack that leaks values in vector registers from a process to another on the same CPU core. This attack enables an attacker to achieve serious outcomes (e.g., stealing AES keys), and there is no fundamental countermeasure besides applying microcode-based hardware patches. Although the impact of this attack is discussed by the original paper and by Intel to some extent, it is still unclear whether programs used in daily computing activities of normal users are affected by Downfall. This paper thoroughly analyzes the usage of vector registers in widely used applications to assess the impact of Downfall on them. In particular, we collect all packages (over 133~K) provided by the four latest long-term support versions of Ubuntu and measure various metrics on vector instructions. Our findings include that over 60% of all binary files contained in the packages use at least one vector register, and that some highly popular packages such as apt might also be affected by Downfall.