Intel 'Downfall' CPU vulnerability exposes sensitive data
A scary new CPU security vulnerability has been revealed. It's called Downfall, and it affects Intel chips beginning with 6th Generation Skylake processors through to 11th Gen Rocket Lake and Tiger Lake.
Downfall was discovered by Google research scientist Daniel Moghimi (via The Register), who posted a webpage dedicated to the issue. Intel has posted about the issue in a security advisory, INTEL-SA-00828.
The flaw relates to the memory optimization features in Intel processors. It can allow certain protected hardware registers to be accessed via software, which is not supposed to be accessible. It does this by taking advantage of the Gather Instructions found in the aforementioned CPUs, which feature AVX2 and AVX-512 support. This means malware can potentially allow access to your applications and software, and possibly steal data including passwords and encryption keys.
Worryingly, the vulnerability extends to cloud computing operators. Moghimi says: «Similarly, in cloud computing environments, a malicious customer could exploit the Downfall vulnerability to steal data and credentials from other customers who share the same cloud computer.»
AVX instructions are important in many intensive workloads. Various rendering or encoding apps use it, but many sub processes and libraries do too. So while you shouldn't panic, it'll be well worth keeping an eye on your motherboard's product page, and updating the BIOS when it recommends you do so.
Best CPU for gaming: The top chips from Intel and AMD.Best gaming motherboard: The right boards.Best graphics card: Your perfect pixel-pusher awaits.Best SSD for gaming: Get into the game ahead of the rest.
The problem with attacks like this is that an updated BIOS with a microcode
Read more on pcgamer.com
