CPU vulnerabilities are nothing new, but when they do happen, they need to be fixed promptly — otherwise, they can spell danger for your PC and your personal data. Some are milder than others, but every once in a while a «bad» exploit pops up that requires you to update your BIOS to keep yourself safe, like the Meltdown and Spectre vulnerabilities from 2018. This one has a similarly scary name: meet Downfall.
Intel has announced the discovery of a processor vulnerability impacting a number of chips from 2015 onwards. Named «Downfall,» the flaw was identified by Google researcher Daniel Moghimi. Intel is promptly releasing fixes for these issues, while also offering an option to disable them due to potential performance impacts on specific enterprise users — the company says that most workloads won’t see reduced performance, but certain vectorization-heavy tasks might be affected, so if you do a lot of heavy design work, you might see a performance penalty as a result of this fix. Then again, this issue mainly affects older computers, and if you’re doing heavier work, you probably want to use the latest, most powerful hardware that currently exist anyway.
Exploiting this vulnerability could allow attackers to breach data isolation barriers, potentially accessing sensitive information such as financial details, emails, passwords, and encryption keys. The exploit itself lies in chip code utilizing the «Gather» instruction to access scattered data more efficiently in memory. It has been found in Skylake (2015-2019), Tiger Lake (2020-early 2022), and Ice Lake (2019-2021) chip families. Current-gen chips like Alder Lake and Raptor Lake, thankfully, remain unaffected by this issue, but many older generations might be affected, so if your PC is nearing the older side by this point, you might need to consider installing this fix.
Moghimi’s findings highlight challenges in promptly addressing hardware vulnerabilities, and his proofs of concept, developed in weeks, underscore the potential danger of this issue and many issues like this that could potentially exist. He suggests that other chipmakers should also focus on verification to prevent similar issues.
If you have a Skylake, Tiger Lake, or Ice Lake Intel PC, keep an eye for software updates and BIOS updates.