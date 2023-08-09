Security researchers have recently disclosed two CPU vulnerabilities: Downfall and Inception. Both vulnerabilities exploit speculative execution, similar to the original Meltdown and Spectre bugs.

Downfall, also known as CVE-2022-40982, affects a wide range of Intel processors. It targets the “Gather” instruction used by Intel CPUs to retrieve data from system memory. The bug unintentionally exposes internal hardware registers, allowing untrusted software to access data stored by other programs. Downfall can be used to steal encryption keys and other sensitive information. Intel has released OS-level microcode software updates to address this vulnerability.

Inception, also known as CVE-2023-20569, is a side-channel vulnerability related to the Spectre bug. It involves two attacks: one that tricks the CPU into mispredicting and another that manipulates future mispredictions. This vulnerability affects AMD Zen-based CPUs, including Ryzen, Threadripper, and EPYC processors. AMD has released firmware updates and OS-level microcode updates to mitigate the risk.

To mitigate Downfall, Intel recommends installing the microcode fix, but this may result in up to a 50% performance reduction for workloads relying on the Gather instruction. As for Inception, AMD believes the vulnerability is only potentially exploitable locally through downloaded malware.

It is crucial for users to install the necessary updates provided by their PC, server, or motherboard manufacturers to address these vulnerabilities. Server administrators, in particular, should prioritize patching due to the wide impact on server CPUs.

Please note that the list of affected processors includes various generations and architectures. Newer generations, such as Intel’s 12th- and 13th-generation CPUs (Alder Lake and Raptor Lake) and low-end CPUs in the Atom, Pentium, and Celeron families, are not affected. Similarly, older CPU architectures like Haswell and Broadwell are not affected, except when used in servers or 4th- and 5th-generation Core CPUs for consumer PCs.

It is worth mentioning that both Intel and AMD have not found any active exploits of these vulnerabilities in the wild. However, it is essential to take preventive measures and install the necessary updates to ensure system security.