Intel 'Downfall' CPU vulnerability exposes sensitive data

(Image credit: Future)

A scary new CPU security vulnerability has been revealed. It's called Downfall, and it affects Intel chips beginning with 6th Generation Skylake processors through to 11th Gen Rocket Lake and Tiger Lake.

Downfall was discovered by Google research scientist Daniel Moghimi (via The Register), who posted a webpage dedicated to the issue. Intel has posted about the issue in a security advisory, INTEL-SA-00828.

The flaw relates to the memory optimization features in Intel processors. It can allow certain protected hardware registers to be accessed via software, which is not supposed to be accessible. It does this by taking advantage of the Gather Instructions found in the aforementioned CPUs, which feature AVX2 and AVX-512 support. This means malware can potentially allow access to your applications and software, and possibly steal data including passwords and encryption keys.

Worryingly, the vulnerability extends to cloud computing operators. Moghimi says: "Similarly, in cloud computing environments, a malicious customer could exploit the Downfall vulnerability to steal data and credentials from other customers who share the same cloud computer."

AVX instructions are important in many intensive workloads. Various rendering or encoding apps use it, but many sub processes and libraries do too. So while you shouldn't panic, it'll be well worth keeping an eye on your motherboard's product page, and updating the BIOS when it recommends you do so.

Your next upgrade

Nvidia RTX 4070 and RTX 3080 Founders Edition graphics cards — (Image credit: Future)

Best CPU for gaming: The top chips from Intel and AMD.
Best gaming motherboard: The right boards.
Best graphics card: Your perfect pixel-pusher awaits.
Best SSD for gaming: Get into the game ahead of the rest.

The problem with attacks like this is that an updated BIOS with a microcode fix can drastically reduce performance, and it seems like that's the case here. Some early testing by Phoronix using updated microcode and Linux kernel patches showed big drops in performance.

Gamers are also affected, though given the relatively limited uses of AVX instructions in gaming, the hope is that games won't suffer from performance penalties that compute intensive professional and enterprise software will.

Emulation apps are an area that will be more affected. The RPCS3 PS3 emulator is one that heavily leans on the AVX-512 instruction set, so a performance hit is surely coming.

If you needed an excuse to upgrade to a 12th or 13th Gen system, this might be it. Alder Lake and Raptor Lake processors are not affected.

Chris' gaming experiences go back to the mid-nineties when he conned his parents into buying an 'educational PC' that was conveniently overpowered to play Doom and Tie Fighter. He developed a love of extreme overclocking that destroyed his savings despite the cheaper hardware on offer via his job at a PC store. To afford more LN2 he began moonlighting as a reviewer for VR-Zone before jumping the fence to work for MSI Australia. Since then, he's gone back to journalism, enthusiastically reviewing the latest and greatest components for PC & Tech Authority, PC Powerplay and currently Australian Personal Computer magazine and PC Gamer. Chris still puts far too many hours into Borderlands 3, always striving to become a more efficient killer.