“Downfall” bug affects years of Intel CPUs, can leak encryption keys and more
It’s a big week for CPU security vulnerabilities. Yesterday, different security researchers published details on two different vulnerabilities, one affecting multiple generations of Intel processors and another affecting the newest AMD CPUs. “Downfall” and “Inception” (respectively) are different bugs, but both involve modern processors’ extensive use of speculative execution (a la the original Meltdown and Spectre bugs), both are described as being of “medium” severity, and both can be patched either with OS-level microcode updates or firmware updates with fixes incorporated.
AMD and Intel have both already released OS-level microcode software updates to address both issues. Both companies have also said that they’re not aware of any active in-the-wild exploits of either vulnerability. Consumer, workstation, and server CPUs are all affected, making patching particularly important for server administrators.
It will be up to your PC, server, or motherboard manufacturer to release firmware updates with the fixes after Intel and AMD make them available.