A “Downfall” vulnerability has been discovered that poses a potential risk to those with Intel processors released between 2015-2019. With Downfall, attackers can gain access to sensitive data on your system, including passwords, encryption keys, emails and more. Fixes are being worked on to fix the vulnerability, but in some cases there may be major performance losses.Vulnerability in Intel processors
The new vulnerability, called Downfall, was discovered by Google researcher Daniel Moghimi. The downfall vulnerability is caused by memory optimization features in Intel processors inadvertently opening internal hardware registers to software, allowing untrusted software to access data stored by other programs that should not normally be accessible.
According to the reports, Downfall affects processors with AVX2 and AVX-512 instruction sets, meaning the newer 12th-gen Alder Lake, 13th-gen Raptor Lake and Sapphire Rapids are unaffected. However, processors released between 2015 and 2019 are affected by this vulnerability: Skylake, Cascade Lake, Cooper Lake, Amber Lake, Kaby Lake, Coffee Lake, Whiskey Lake, Comet Lake, Tiger Lake, Ice Lake, Rocket Lake.
However, even those who don’t own one of these processors may be inherently vulnerable, as Intel has more than 70 percent of the server market. Because in cloud computing environments, malicious people can take advantage of the Downfall vulnerability to steal the data and credentials of other customers sharing the same cloud computer.
Calling the vulnerability Gather Data Sampling (GDS), Intel has already issued a security alert (INTEL-SA-00828). Intel also released a microcode. Intel says some workloads can experience up to 50 percent performance degradation, particularly in HPC environments. The Downfall vulnerability in Intel is the second major vulnerability we’ve seen in just a few weeks. As we mentioned earlier, a Zenbleed vulnerability was discovered on the AMD side, which affects all processors with Zen 2 architecture.
59089
