Start a Conversation

Unsolved

10 Elder

 • 

43.8K Posts

44

August 11th, 2023 19:39

Intel and AMD CPU security fixes

Intel

Intel finally released a fix for the "Downfall" security hole (CVE-2022-40982) that affects most/all CPUs released since 2015, including CPUs based on Skylake, Kaby Lake, Whiskey Lake, Ice Lake, Comet Lake, Coffee Lake, Rocket Lake, and Tiger Lake architectures. That means most CPUs in Intel's 6th - 11th-generation Core lineup for consumer PCs, plus some Xenon server CPUs, and Pentium and Celeron CPUs based on the similar architectures. 


Not affected are 12th- and 13th-generation Intel CPU architectures (aka Alder Lake and Raptor Lake), low-end CPUs in the Atom, Pentium, and Celeron families (Apollo Lake, Jasper Lake, Gemini Lake, and others), or old 3rd- and 4th-Gen Core CPUs.

The bad news...Intel's fix can cause significant performance hits for certain types of workload. Specifically, performance of scientific and visualization engineering workloads will be impacted most heavily. The fix will be optional, and can be disabled, but it's enabled by default. 

If the CPU uses Software Guard Extensions (SGX) memory encryption, the fix will require a firmware update.  If the CPU doesn't use SGX, the fix can be installed either by a firmware update or via the OS. FWIW, my PC has a Kaby Lake i7-9700 CPU and I' was offered an optional Intel (SGX Software Component) v2.19.100.4 via Windows Update yesterday, which may be the fix for Downfall.  I have not installed it...

AMD

AMD separately is going to release an update to fix the Inception security hole (CVE-2023-20569). AMD "believes this vulnerability is only potentially exploitable locally, such as via downloaded malware."

It affects processors using Zen 3 or Zen 4-based CPU cores. This includes Ryzen 5000- and 7000-series desktop CPUs, some Ryzen 5000 and 7000-series laptop CPUs, all Ryzen 6000-series laptop GPUs, Threadripper Pro 5000WX workstation CPUs, and 3rd- and 4th-gen EPYC server CPUs. 

Some AGESA firmware updates for these chips are available now, and others should be available sometime between now and Dec-23. OS-level microcode updates are available in the meantime.

Read more...

No Responses!
No Events found!

Top