News + Trends
New vulnerability in AMD processors puts millions of computers at risk
by Martin Jud
Vulnerability in Intel processors jeopardises millions of computers
9.8.2023
Translation: machine translated
A newly discovered security vulnerability jeopardises Intel processors of the 6th to 11th generation. Attackers can use "Downfall" to read sensitive data, including encrypted passwords.
At the end of July, it became known that AMD processors with Zen 2 microarchitecture have a serious security vulnerability called "Zenbleed". Now Intel is similarly affected with a vulnerability called "Downfall". Affected are desktop computers, laptops and servers with Intel Core processors from the 6th to 11th generation. In other words, processors that have been on the market since 2015. The newer 12th and 13th generation CPUs are not affected.
"Downfall" allows attackers using the same computer as their victim to access and steal their data. This makes the vulnerability particularly sensitive for cloud computing environments. There is also a risk that a malicious app from a store could exploit the vulnerability to give hackers remote access to bank details, personal emails and passwords.
The vulnerability was discovered a year ago by Google security researcher Daniel Moghimi and reported to Intel. Since then, an embargo has been in place, which is why it is only now becoming known. It is registered in the USA's national vulnerability database NVD under CVE-2022-40982.
At downfall.page, Moghimi describes the problem as follows: "The vulnerability is caused by memory optimisation features in Intel processors that unintentionally expose internal hardware registers to software. This allows untrusted software to access data stored by other programmes that should not normally be accessed. I found that the gather instruction, which is supposed to speed up access to scattered data in memory, exposes the contents of the internal vector register file during speculative execution."
According to the security researcher, current antivirus software cannot detect an attack. Intel has released microcode updates that offer protection against the "downfall". However, these should also cause performance losses. As with AMD's "Zenbleed" gap, there is therefore a patch before motherboard updates with a fix are released at some point.
Cover image: Shutterstock
Martin Jud
Senior Editor
martin.jud@digitecgalaxus.chI find my muse in everything. When I don’t, I draw inspiration from daydreaming. After all, if you dream, you don’t sleep through life.
20 comments
later