Intel fixed the security flaw known as "Downfall" this week, which is described as a "critical weakness found in billions of modern processors" by the researcher who discovered it.
That security researcher is Daniel Moghimi from the University of California San Diego, and the vulnerability he found affects Intel processors released between 2015 and 2019. More specifically, Downfall impacts processors from the 6th-gen Skylake to the 11th-gen Tiger Lake, and Intel has produced a detailed list of the affected chips. It's also worth noting that, rather than using Downfall, Intel prefers to call the vulnerability Gather Data Sampling (GDS).
So what does Downfall/GDS allow a hacker to do? According to Moghimi, a hacker can "target high-value credentials such as passwords and encryption keys" and the vulnerability only requires the attacker and victim to share the same physical CPU core. That may sound highly implausible, but when you consider multitasking, multithreading, servers, and cloud computing, Moghimi says this flaw "most likely" impacts us all.
The good news is, Intel has now released a fix. The bad news is, that fix does come with a significant performance hit for certain types of workload. Specifically, Intel believes the performance of scientific and visualization engineering workloads will be impacted most heavily. Moghami believes the overhead of the mitigation can be as high as a 50% depending on the workload.
With that in mind, Intel decided to offer an opt-out mechanism to disable the mitigation, but turned the mitigation on by default. Offering an opt-out means we can't be sure which Intel servers are immune to the vulnerability because it's up to the owner of the server to decide whether the fix is applied.
