Intel: a security vulnerability discovered in many processors exposes your data

Most Intel processors are affected by a serious security breach. Called Downfall, it allows malware to access sensitive data like passwords. Even worse, the patch breaks the CPU performance.

Intel


This was since 2019 and this big security breach in Intel processors discovered by BitDefender that we had not written on the subject. Now the CPU manufacturer faces a new threat. Named Downfall, it affects Intel processors from the 6th generation of Skylake processors to the 11th generation of Rocket Lake and Tiger Lake processors.

The flaw was discovered by Google researcher Daniel Moghimi. The specialist created a website dedicated to the problem. Intel also released a security notification, INTEL-SA-00828. Both point out that this vulnerability can expose your computer to sensitive data leaks, such as passwords or encryption keys.

How does the Intel Downfall flaw work?

This flaw is related to the memory optimization functions of Intel processors. They allow certain protected hardware registers to be accessible by software, when they should not be. To do this, it exploits the Gather instructions present in processors that support AVX2 and AVX-512 instruction sets. This means that malware can potentially access your data.

More worryingly, the vulnerability extends to the cloud. Daniel Moghimi explains on his website that “in cloud computing environments, a malicious client could exploit the Downfall vulnerability to steal data and credentials from multiple customers who share the same cloud computer”.

AVX instructions are important in many intensive workloads. Various rendering or encoding applications use it, as do many subprocesses. At the moment there is no need to panic, but better to monitor the product page of your motherboard to update the BIOS as soon as possible. Although.

Downfall bug fix lowers performance

Intel has now deployed a patch to address the issue, since it was reported last week. Small glitch, the BIOS updated with the patch has significantly reduced performance. This is in any case what the first tests carried out by the Phoronix site reveal.

If you’re worried about your data, it might be time to take the plunge and buy the new Meteor Lake processors, which will be called Core Ultra at the end of the year. Indeed, these processors will not be affected by the flaw at their release.

Post a Comment

Previous Post Next Post