2023-08-10
Intel Patch Release for August 2023
On Tuesday, August 8, Intel published 46 security advisories alerting customers to roughly 80 vulnerabilities in its software and firmware. Eighteen of the flaws are high-severity vulnerabilities that could be exploited to attain privilege elevation or cause denial-of-service (DoS) conditions. Among the vulnerabilities addressed is a side-channel attack nicknamed Downfall.
Editor's Note
Downfall is another case of the CPU predictively using cached data (Gather) to speed processing, not unlike Spectre/Meltdown. Downfall affects as many as seven generations of Intel CPU/chipsets. The micro patch that addresses the vulnerability can cause as much as a 50% slowdown; you are going to want to regression test fully before deploying.
Lee Neely
Read more in
Intel: Intel® Product Security Center Advisories
Intel: 2023.3 IPU - Intel® Processor Advisory
Wired: New ‘Downfall’ Flaw Exposes Valuable Data in Generations of Intel Chips
SC Magazine: ‘Downfall’ flaw leaves most Intel CPUs open to nearly undetectable attack
Ars Technica: “Downfall” bug affects years of Intel CPUs, can leak encryption keys and more
Dark Reading: 'Downfall' Bug in Billions of Intel CPUs Reveals Major Design Flaw
Security Week: Intel Addresses 80 Firmware, Software Vulnerabilities
Security Week: Downfall: New Intel CPU Attack Exposing Sensitive Information