From PC Mag: Intel fixed the security flaw known as "Downfall" this week, which is described as a "critical weakness found in billions of modern processors" by the researcher who discovered it.
That security researcher is Daniel Moghimi from the University of California San Diego, and the vulnerability he found affects Intel processors released between 2015 and 2019. More specifically, Downfall impacts processors from the 6th-gen Skylake to the 11th-gen Tiger Lake, and Intel has produced a detailed list of the affected chips. It's also worth noting that, rather than using Downfall, Intel prefers to call the vulnerability Gather Data Sampling (GDS).
So what does Downfall/GDS allow a hacker to do? According to Moghimi, a hacker can "target high-value credentials such as passwords and encryption keys" and the vulnerability only requires the attacker and victim to share the same physical CPU core. That may sound highly implausible, but when you consider multitasking, multithreading, servers, and cloud computing, Moghimi says this flaw "most likely" impacts us all.
The good news is, Intel has now released a fix. The bad news is, that fix does come with a significant performance hit for certain types of workload. Specifically, Intel believes the performance of scientific and visualization engineering workloads will be impacted most heavily. Moghami believes the overhead of the mitigation can be as high as a 50% depending on the workload.
View: Full Article