Intel 'Downfall': Severe flaw in billions of CPUs leaks passwords and much more

Downfall, Inception, Meltdown, Spectre, I hate to see new vulnerabilities, but their naming choices are solid.

Intel claims most consumer software shouldn’t see much impact, outside of image and video editing workloads..

But that's, like the one place other than games where consumers are looking for performance. What's left, web browsing and MS Office?

Install backdoors and sell that info to governments and companies, then years later reveal the issue to justify downgrading performance of older CPUs to encourage people to upgrade.

According to him, billions of Intel processors are affected, which are used in private user computers as well as in cloud servers.
Update: Intel’s Downfall was closely followed by AMD’s Inception, a newfound security hole affecting all Ryzen and Epyc processors.

so both desktop and server chips are affected on both cpu manufacturers products. can't take any measures if your password is online on some server.

It took them a year for a microcode fix and it still has a performance loss of 50% in some cases? Ew

If you get caught we've never met.

Ha-ha. My chip's too old to be affected. I don't see my architecture on the list.

I knew putting off upgrading for around a decade would pay off. (Windows Update tells me my PC is not "ready" for Windows 11 due to its hardware, either. Oh no, whatever shall I do.)

They really should be recalled like they were forced to when the fdiv bug happened https://en.wikipedia.org/wiki/Pentium_FDIV_bug

Every article is a copy paste of the same bullshit talking about the vulnerability and pointing to the stupid cryptic list of processors that requires you to jump through hoops to read it. You can't just search for your processor in a database I mean fuck that would take them at least an a couple hours of their precious time to set up and they have only had a year. How do you fix it? Why with a microcode update of course!!...from where you ask? Well don't worry just look at the cryptic list it will tell you if you need a microcode update!!

Fuck every article about this shit. Anyone wanna bust an Eli5 on how to fix this problem for people? (I was assuming it's a BIOS update but the articles have only confused me further)

Guess it's time for another FPS hit...

While the article says it won't impact most applications, I suspect it's closer to saying "won't impact most applications as much".

This vulnerability, identified as CVE-2022-40982, enables a user to access and steal data from other users who share the same computer.

So just continue not letting people use my computer, got it. Very simple fix.

/tinfoilhat

I admittedly stopped reading halfway through but I feel like these newest vulnerabilities being discovered are probably just fucking government back doors the manufacturers have been forced to include.

/tinfoilhat

Yikes the performance hit is scary but if you’re running a server, what option do you have?

List of processors without redirect referrer: https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html

Intel’s newer 12th-gen and 13th-gen Core processors are not affected.

Oh ok

Jokes on them. I'm already watched by criminals and am used to companies throttling products.

> Downfall

Is the Intel CEO holed up in a bunker and raging at his chip designers?

Here we go again....

I'm curious if there's a silver lining of all current DRM keys being accessible through this.

My old-ass Ivy Bridge: Oh no! Anyway...

Bwahaha I'm safe with my i5 3450, gotta look at the brighter side of my dumpster fire of a pc

Good thing my CPU is ancient.

What does that even mean for me (has Debian running on a 2015 MacBook with Intel processor).

Will I get such a driver patch somehow?

It is by Design for IDF

Seems very similar to Zenbleed in terms of using certain register optimisation and speculative execution to get crippling security exploits. Thus far I haven't read too much into the detail of the attack but This article on Zenbleed, written by the attack's author, describes how the attack in detail and how he came to find it using fuzzing techniques - in this case two sets of instructions that should have had the same result, but they didn't.

The write-up for this one is presumably this one.

Anyway.

Run AMD.

Good thing I'm poor can't afford Intel. AMD for the win 😂

Considering how easy it is to do harm with a computer compared to how hard it is to protect from harm, I'm starting to wonder if complete anonymity on a computer is actually worth it