Daily Archives: 2023-08-09

“Downfall” bug affects years of Intel CPUs, can leak encryption keys and more

Source: Ars Technica

Article note: At this point the article might as well be a digest about "This month's speculative execution vulnerabilities for each of the major platforms."
An 8th-generation Intel Core desktop CPU, one of several CPU generations affected by the Downfall bug.

Enlarge / An 8th-generation Intel Core desktop CPU, one of several CPU generations affected by the Downfall bug. (credit: Mark Walton)

It's a big week for CPU security vulnerabilities. Yesterday, different security researchers published details on two different vulnerabilities, one affecting multiple generations of Intel processors and another affecting the newest AMD CPUs. "Downfall" and "Inception" (respectively) are different bugs, but both involve modern processors' extensive use of speculative execution (a la the original Meltdown and Spectre bugs), both are described as being of "medium" severity, and both can be patched either with OS-level microcode updates or firmware updates with fixes incorporated.

AMD and Intel have both already released OS-level microcode software updates to address both issues. Both companies have also said that they're not aware of any active in-the-wild exploits of either vulnerability. Consumer, workstation, and server CPUs are all affected, making patching particularly important for server administrators.

It will be up to your PC, server, or motherboard manufacturer to release firmware updates with the fixes after Intel and AMD make them available.

Read 13 remaining paragraphs | Comments

Posted in News | Leave a comment