Intel recently got slapped with a lawsuit in a US Federal Court in San Jose, California, over the rediscovery of the CPU security vulnerability, Downfall. We say rediscovery because the lawsuit alleges that the chipmaker actually knew about the vulnerability since its appearance in 2018.
Downfall also known as Gather Data Sampling (GDS) and its designation CVE-2022-40982, is a security flaw that affects consumer-level Intel CPUs from the 6th to 11th generation, as well as 1st to 4th generation Xeon X86-64 processors. To be even more precise, the vulnerability lies within the Advanced Vector Extensions (AVX) instructions that are also present within modern-day Intel processors.
The issue with Downfall is that both malicious and threat actors could exploit the vulnerability for a variety of tasks, including stealing passwords, encryption keys, your personal banking details, and other actions in a long laundry list of nefarious deeds. Not only that, the vulnerability would effectively cripple the performance of products running the affected CPUs and in scenario, could even reduce the performance of the processors by as much as 50%, even with a steady stream of micro updates.
The lawsuit also alleges that Intel had been informed about Downfall in two different reports in 2018. Despite the warnings, it chose to overlook the flaw, possibily because it was dealing with two more critical vulnerabilities at the time, Spectre and Meltdown. Worse, the lawsuit also alleges that the chipmaker had put in some “secret buffers” that would hide the flawed AVX instructions, but never publicly disclosed their existence.
Intel has declined to comment on the situation and understandably so; the lawsuit is still ongoing. Further, the lawsuit didn’t state how much it is seeking in compensation for those affected by the Downfall vulnerability, plus the performance degradation that would eventually occur with systems running the affected CPUs.
(Source: Techspot)
Follow us on Instagram, Facebook, Twitter or Telegram for more updates and breaking news.
