
"Downfall" Intel CPU Vulnerability Can Impact Performance By 50%

Joined
Oct 6, 2021
Messages
1,605 (1.36/day)
Please don't spread disinformation. In CVSS v3 and newer Attack Vector: Local does not mean what you think it means.

From the CVSS v3.1 specification:
Local (L): The vulnerable component is not bound to the network stack and the attacker's path is via read/write/execute capabilities. Either:
  • the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or remotely (e.g., SSH); or
  • the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)

This means that making a user visit a compromised website is also considered "local". So potentially this vulnerability could be exploited "remotely" via a web browser.


That's not true. In CVSS v3 and newer, a direct physical requirement is denoted by AV:P - Physical.
Please read the actual paper as well. It clearly states that the exploit works from non-admin accounts:
So do you think it is possible to get these local admin privileges through a js code in the browser, could you show how? Just for curiosity.
 
Joined
Jun 29, 2018
Messages
544 (0.23/day)
So do you think it is possible to get these local admin privileges through a js code in the browser, could you show how? Just for curiosity.
I wrote "potentially" in bold for a reason. It has not been demonstrated so far.
I was also referring to the notion that Attack Vector: Local somehow prohibits this ever being the case, it does not.

WebAssembly does support SIMD which can be mapped to AVX (at least in Firefox), but not to AVX2. So this particular vulnerability would be very hard to implement in JS, most likely impossible. However the cleverness of security researchers never ceases to amaze me, so I give myself the leeway of being wrong about that.
 
Joined
Jul 5, 2013
Messages
28,318 (6.75/day)
So do you think it is possible to get these local admin privileges through a js code in the browser, could you show how?
It isn't, ignore them.

WebAssembly does support SIMD which can be mapped to AVX (at least in Firefox), but not to AVX2.
Sorry, doesn't work that way, ESPECIALLY in Firefox. And even if it did, the level of access to potential data harvesting is very limited and small. As I said earlier, this very nearly nothing-sauce.
 
Joined
Jan 14, 2019
Messages
12,627 (5.81/day)
Location
Midlands, UK
System Name Nebulon B
Processor AMD Ryzen 7 7800X3D
Motherboard MSi PRO B650M-A WiFi
Cooling be quiet! Dark Rock 4
Memory 2x 24 GB Corsair Vengeance DDR5-4800
Video Card(s) AMD Radeon RX 6750 XT 12 GB
Storage 2 TB Corsair MP600 GS, 2 TB Corsair MP600 R2
Display(s) Dell S3422DWG, 7" Waveshare touchscreen
Case Kolink Citadel Mesh black
Audio Device(s) Logitech Z333 2.1 speakers, AKG Y50 headphones
Power Supply Seasonic Prime GX-750
Mouse Logitech MX Master 2S
Keyboard Logitech G413 SE
Software Bazzite (Fedora Linux) KDE
Yes I need them. AMD AGESA updates are needed, as shown in the last years.
No, they are not. You only need a BIOS update if something is broken in the one you currently have.
 
Joined
Jun 29, 2018
Messages
544 (0.23/day)
Joined
Nov 18, 2010
Messages
7,602 (1.48/day)
Location
Rīga, Latvia
System Name HELLSTAR
Processor AMD RYZEN 9 5950X
Motherboard ASUS Strix X570-E
Cooling 2x 360 + 280 rads. 3x Gentle Typhoons, 3x Phanteks T30, 2x TT T140 . EK-Quantum Momentum Monoblock.
Memory 4x8GB G.SKILL Trident Z RGB F4-4133C19D-16GTZR 14-16-12-30-44
Video Card(s) Sapphire Pulse RX 7900XTX. Water block. Crossflashed.
Storage Optane 900P[Fedora] + WD BLACK SN850X 4TB + 750 EVO 500GB + 1TB 980PRO+SN560 1TB(W11)
Display(s) Philips PHL BDM3270 + Acer XV242Y
Case Lian Li O11 Dynamic EVO
Audio Device(s) SMSL RAW-MDA1 DAC
Power Supply Fractal Design Newton R3 1000W
Mouse Razer Basilisk
Keyboard Razer BlackWidow V3 - Yellow Switch
Software FEDORA 41
Joined
Jul 5, 2013
Messages
28,318 (6.75/day)
There is not even a debate mate. That CVE is for Spectre


Um, "Mate", learn how to read...
And before anyone says it, there will not be any JS based exploits one can load in a browser page. It's detailed in the description:
CVE - CVE-2022-40982 "Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."
Admin/Root access is required in addition to local(direct physical) access to the system in question. Remote exploitation is not possible without direct user action and interaction.
Thus..

There is this.
There, a "Daniel Moghimi" details a few examples of how an exploit would work. Please note, the demos are being run on an Intel Mac being accessed with SuperUser authorities, something most Mac users wouldn't be doing. Additionally, one has to have the admin logins for the target system. This would be the same as physically being there. Without that info, remote exploitation is NOT possible.
 
Joined
Nov 18, 2010
Messages
7,602 (1.48/day)
Joined
Jun 29, 2018
Messages
544 (0.23/day)
There is this.
There, a "Daniel Moghimi" details a few examples of how an exploit would work. Please note, the demos are being run on an Intel Mac being accessed with SuperUser authorities, something most Mac users wouldn't be doing. Additionally, one has to have the admin logins for the target system. This would be the same as physically being there. Without that info, remote exploitation is NOT possible.
No. Read the FAQ on this site you linked, and read the actual paper. It directly contradicts what you're saying:

[Q] What about web browsers?
[A] In theory, remotely exploiting this vulnerability from the web browser is possible. In practice, demonstrating successful attacks via web browsers requires additional research and engineering efforts.

The demo requires administrative access because it's running in VMs on his Mac. The vulnerability itself does not need it.
 
Joined
Jul 5, 2013
Messages
28,318 (6.75/day)
You okay mate? Not sure, but you are talking about the skirt and I am about the wife.
You are talking about nothing and nonsense. Explain in more detail what "you" are talking about. The rest of us are discussing the topic of the article:

"Downfall" Intel CPU Vulnerability Can Impact Performance By 50%


What are you going on about?
(seriously, if you're going to troll, be competent about it)
 
Joined
Nov 18, 2010
Messages
7,602 (1.48/day)
You are talking about nothing and nonsense. Explain in more detail what "you" are talking about. The rest of us are discussing the topic of the article:

"Downfall" Intel CPU Vulnerability Can Impact Performance By 50%


What are you going on about?
(seriously, if you're going to troll, be competent about it)

Lex, are you sober?

You quoted me, said not true about the obvious and I showed you a M$ list stating exactly what I said. You cannot disable ALL MITIGATIONS in windows, Microsoft regulates it, not anyone else. You cannot speculate what they will do about the future ones also, that's their decision, including this CVE. So far on the Linux side everything is in your hands. I responded actually to mkdr dude, not you, as he had concerns.

 
Joined
Aug 11, 2015
Messages
83 (0.02/day)
No they are not.
YES THEY WERE. Every single AGESA of the past years was NECESSARY because they gave dramatic performance boosts, fixed a dramatic bug (Ryzen 7000 SoC voltage, core parking, CCX latency, clock boost etc.), fixed RAM compatibility (6000+er not booting / issues), fixed BOOT times (from 50 to 20 seconds) and MORE. You don't seem to know anything about it, otherwise you wouldn't claim that. Intel had no issues on their side to worry about it. But for Ryzen, you totally NEEDED every single new AGESA update.
 
Joined
Jul 5, 2013
Messages
28,318 (6.75/day)
YES THEY WERE. Every single AGESA of the past years was NECESSARY because they gave dramatic performance boosts, fixed a dramatic bug (Ryzen 7000 voltage, core parking, CCX latency, clock boost etc.), fixed RAM compatibility (6000+er not booting / issues), fixed BOOT times (from 50 to 20 seconds) and MORE. You don't seem to know anything about it, otherwise you wouldn't claim that nonsense. Intel had no issues on their side to worry about it. But for Ryzen, you totally NEEDED every single new AGESA update.
You're talking to me like I'm some ignorant twat that doesn't work with PCs (including Ryzen based systems) every day of the week. Do hush.

You quoted me, said not true about the obvious and I showed you a M$ list stating exactly what I said.
Except that what you said is incorrect.
You cannot disable ALL MITIGATIONS in windows
Yes, you can.
Microsoft regulates it, not anyone else.
Doesn't mean it can't be disabled. Are you seriously THAT oblivious?
 
Joined
Aug 2, 2012
Messages
2,025 (0.45/day)
Location
Netherlands
System Name TheDeeGee's PC
Processor Intel Core i7-11700
Motherboard ASRock Z590 Steel Legend
Cooling Noctua NH-D15S
Memory Crucial Ballistix 3200/C16 32GB
Video Card(s) Nvidia RTX 4070 Ti 12GB
Storage Crucial P5 Plus 2TB / Crucial P3 Plus 2TB / Crucial P3 Plus 4TB
Display(s) EIZO CX240
Case Lian-Li O11 Dynamic Evo XL / Noctua NF-A12x25 fans
Audio Device(s) Creative Sound Blaster ZXR / AKG K601 Headphones
Power Supply Seasonic PRIME Fanless TX-700
Mouse Logitech G500S
Keyboard Keychron Q6
Software Windows 10 Pro 64-Bit
Benchmark Scores None, as long as my games runs smooth.
As long as games aren't affected I don't care, otherwise I'll look into disabling the fix.
 
Joined
Jan 14, 2019
Messages
12,627 (5.81/day)
YES THEY WERE. Every single AGESA of the past years was NECESSARY because they gave dramatic performance boosts, fixed a dramatic bug (Ryzen 7000 SoC voltage, core parking, CCX latency, clock boost etc.), fixed RAM compatibility (6000+er not booting / issues), fixed BOOT times (from 50 to 20 seconds) and MORE. You don't seem to know anything about it, otherwise you wouldn't claim that. Intel had no issues on their side to worry about it. But for Ryzen, you totally NEEDED every single new AGESA update.
Well, I know all about it because I'm on a Zen 4 system right now, and believe me, not every single BIOS update is necessary. Yes, you need to fix your SoC voltage. Yes, you need an update for normal POST times. But that does not cover every single update by far.
 
Joined
Sep 29, 2015
Messages
126 (0.04/day)
Damn, just bought an Intel Core i9-13900K as well. I'm just a gamer though, will I be affected much guys?
 
Joined
Nov 26, 2021
Messages
1,705 (1.51/day)
Location
Mississauga, Canada
Processor Ryzen 7 5700X
Motherboard ASUS TUF Gaming X570-PRO (WiFi 6)
Cooling Noctua NH-C14S (two fans)
Memory 2x16GB DDR4 3200
Video Card(s) Reference Vega 64
Storage Intel 665p 1TB, WD Black SN850X 2TB, Crucial MX300 1TB SATA, Samsung 830 256 GB SATA
Display(s) Nixeus NX-EDG27, and Samsung S23A700
Case Fractal Design R5
Power Supply Seasonic PRIME TITANIUM 850W
Mouse Logitech
VR HMD Oculus Rift
Software Windows 11 Pro, and Ubuntu 20.04
It does not rely on SMT since it works with just context-switching. Disabling SMT is not a mitigation for this vulnerability, from the paper:
Context switching makes it harder since there's no guarantee that the attacker will be scheduled onto the victim's core.
 
Joined
Jun 10, 2014
Messages
2,996 (0.78/day)
Processor AMD Ryzen 9 5900X ||| Intel Core i7-3930K
Motherboard ASUS ProArt B550-CREATOR ||| Asus P9X79 WS
Cooling Noctua NH-U14S ||| Be Quiet Pure Rock
Memory Crucial 2 x 16 GB 3200 MHz ||| Corsair 8 x 8 GB 1333 MHz
Video Card(s) MSI GTX 1060 3GB ||| MSI GTX 680 4GB
Storage Samsung 970 PRO 512 GB + 1 TB ||| Intel 545s 512 GB + 256 GB
Display(s) Asus ROG Swift PG278QR 27" ||| Eizo EV2416W 24"
Case Fractal Design Define 7 XL x 2
Audio Device(s) Cambridge Audio DacMagic Plus
Power Supply Seasonic Focus PX-850 x 2
Mouse Razer Abyssus
Keyboard CM Storm QuickFire XT
Software Ubuntu
Engineers are just humans, and humans make errors. Period. ;) I guess the only solution would be chips (and software/firmware) designed by AI. Because machines don't make errors…
:wtf:
So-called "AI" is not currently intelligent at all, it's basically using heuristics to recognize patterns, which in turn can be used to generate new data. So in essence, using "AI" to design CPUs will probably lead to designs with more flaws, since there is no intelligence behind the "decisions".

Using "AI" to help test designs could be interesting though, as it might expose some interesting use cases.

(OT: Using AI to generate text can yield some seriously hilarious results though: link)

They could bigly reduce such "unforeseen consequences" with proper QA. ;) But they're doing the exact opposite, cutting corners wherever they can to increase profits for shareholders.
<snip>
Also it's not surprising that tech security flaws stay undetected for so long. There are not many people on the planet who actually have an understanding of the tech, and those who do work either for the tech companies, the GOV or bad actors. And none of them are interested in making security flaws public, two of them even abuse them. That's why most security flaws are reported by private researchers.
I'm a software engineer, not a hardware engineer, but if the corporate culture in companies like Intel, AMD, Nvidia, etc. is anything like what I've experienced in software companies with 1000+ employees (or read about in horror stories), I'm not surprised at all that a lot of serious flaws slip through. I've personally witnessed several cases of even "inexperienced" interns discovering critical flaws which have been completely dismissed. If you have hundreds or thousands of engineers on a project, there is probably a huge hierarchy of middle management, where it's hard to get the right information through the "noise". (Not to mention, engineers are generally stubborn "know-it-alls") And then there is the case of management knowing the issue, but deliberately covering it up to ship a product.
To be clear, I'm explaining it, not excusing it.

To answer your first paragraph, how would you do good enough QA?
CPUs are incredibly complex state machines, and verifying every possible combination is impossible.
With every released CPU there is commonly a long errata, containing typically 20-30 flaws discovered during testing. It is actually quite normal that a lot of features are disabled or timings adjusted in the firmware due to bugs, so probably no CPU performs "as they expected", no new architecture anyways.
And it's common that some flaws are not addressed in firmware either, so certain software can be triggering a CPU bug on specific CPUs.
I know of two such examples. The Bulldozer family had some error triggered by compiling (I believe it was gcc), resulting in invalid binaries. Zen(1) had another flaw triggered most easily by gcc and llvm, which AMD never fully acknowledged. And Intel has had plenty too.

It makes me wonder if these vulnerabilities really deserve the attention they get. I mean, sure, someone could potentially hack your PC doing the point-and-click steps you described, but why would they?
You should be much more worried about the crappy firmware of your router, it probably has several easily exploitable vulnerabilities.

For any bug that requires root access to exploit, it's not really a problem for desktop users, as a root can do anything on your computer anyways.

The concern is for cloud providers, as someone in one VM can potentially affect another VM. But even then it's probably mostly theoretical. It is one thing to reproduce a problem in a controlled environment, and something completely different to do it on a server with randomized memory addresses, lots of data churning through constantly, VMs being loaded and unloaded all the time. The chances of someone stealing a continuous piece of data through a randomized and fragmented memory space is minuscule. But sure, an attacker can get lucky and strike a few bytes containing a private key etc.
 
Joined
Oct 24, 2022
Messages
243 (0.31/day)
Intel's marketing department has always said that "you should only use Intel CPUs in your servers because only Intel CPUs have reliability, availability, and serviceability (RAS)".



 
Joined
Sep 29, 2015
Messages
126 (0.04/day)
Well I just read that Intel's newer 12th-gen and 13th-gen Core processors are not affected. Is this true?
 
Joined
Jun 29, 2018
Messages
544 (0.23/day)
Damn, just bought an Intel Core i9-13900K as well. I'm just a gamer though, will I be affected much guys?
Well I just read that Intel's newer 12th-gen and 13th-gen Core processors are not affected. Is this true?
12th and 13th generations are not affected by this.

Context switching makes it harder since there's no guarantee that the attacker will be scheduled onto the victim's core.
Sure, however if you allow for scheduling variance at all, then relying on SMT is dubious as well since almost every OS tries to fill real cores first before assigning work to SMT ones. In both cases there's techniques for trying to coax the scheduler to fit your needs.
 
Joined
Aug 20, 2007
Messages
21,560 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 5800X Optane 800GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
you can't.
There are opt out registry keys for everything trailing all the way back to meltdown for the os side. In that sense you can.

Microcode is harder to skip but also tends to lose far less performance than the OS mitigations.

So do you think it is possible to get these local admin privileges through a js code in the browser, could you show how? Just for curiosity.
Admin is not needed. People keep saying this but there is no evidence for it that I've seen.

It would be hard, but not impossible to mount such an attack in javascript. It'd probably help if you knew the exact target hardware in advance.

You cannot disable them all in windows, it is baked in kernel. You will not have a choice.
Windows had regkeys to disable every mitigation, just FYI. It's virtually the same as Linux there. Looking them up is far more homework, however.
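Whether a given mitigation is actually in effect on the Linux side can be read straight from the kernel's per-vulnerability status files, which also show when a mitigation is microcode-backed rather than an OS-level switch. This is an added checker (not code from the thread or from any vendor); it assumes the standard /sys/devices/system/cpu/vulnerabilities directory, and the sample status lines it falls back to are constructed, not captured from a real host.

```python
from pathlib import Path

# Per-vulnerability mitigation status files exposed by the Linux kernel; the Downfall (GDS)
# entry is named gather_data_sampling on kernels that carry the mitigation.
SYSFS_VULN_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# Constructed sample statuses (assumption: shaped like real sysfs lines, not captured anywhere).
SAMPLE = {
    "gather_data_sampling": "Mitigation: Microcode",
    "spectre_v2": "Mitigation: Retpolines; IBPB: conditional; STIBP: disabled; RSB filling",
    "mds": "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable",
    "meltdown": "Not affected",
}


def classify(status: str) -> str:
    """Map one raw status line to not-affected / mitigated / vulnerable / unknown."""
    s = status.strip()
    if s.startswith("Not affected"):
        return "not-affected"
    if s.startswith("Mitigation:"):
        return "mitigated"
    if s.startswith("Vulnerable"):          # covers "Vulnerable: No microcode" and friends
        return "vulnerable"
    return "unknown"                        # e.g. "Unknown: Dependent on hypervisor status"


def build_report(statuses: dict) -> dict:
    """{name: raw_status} -> {name: (classification, raw_status)}."""
    return {name: (classify(raw), raw.strip()) for name, raw in statuses.items()}


def read_sysfs(vuln_dir: Path = SYSFS_VULN_DIR) -> dict:
    """Read every status file under vuln_dir into {name: raw_status}."""
    return {p.name: p.read_text() for p in sorted(vuln_dir.iterdir()) if p.is_file()}


def needs_attention(report: dict) -> list:
    """Names whose mitigation is absent or undeterminable, sorted for stable output."""
    return sorted(n for n, (cls, _) in report.items() if cls in ("vulnerable", "unknown"))


def microcode_backed(report: dict) -> list:
    """Mitigations whose status line names microcode, i.e. not switchable from the OS alone."""
    return sorted(n for n, (cls, raw) in report.items()
                  if cls == "mitigated" and "microcode" in raw.lower())


if __name__ == "__main__":
    statuses = read_sysfs() if SYSFS_VULN_DIR.is_dir() else SAMPLE
    report = build_report(statuses)
    for name, (cls, raw) in sorted(report.items()):
        print(f"{cls:13} {name:28} {raw}")
    print("needs attention:", needs_attention(report))
    print("microcode-backed:", microcode_backed(report))
```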
 