Fixes are available for the Intel bug known as Downfall and the AMD vulnerability known as Inception. Credit: kao Studio / Getty Images Bugs emerged earlier this month in Intel and AMD processors that affect both client and server processors over multiple generations. Fortunately, the bugs were found some time ago and researchers kept it quiet while fixes were developed. Google researchers found the Intel bug known as Downfall (CVE-2022-40982) and reported it to Intel more than a year ago, so both parties had plenty of time to work things out. The Downfall bug exploits a flaw in the “Gather” instruction that affected Intel CPUs use to grab information from multiple places in a system’s memory. A Google researcher created a proof-of-concept exploit that could steal encryption keys and other kinds of data from other users on a given server. According to Intel’s support page, Downfall affects all client and server processors starting with the Skylake architecture and extending through Tiger Lake, along with a handful of others. That means most CPUs in Intel’s 6th through 11th-generation Core lineups for desktop PCs are impacted, although Intel’s newer 12th- and 13th-generation CPU architectures are not affected. On the server side, the first through third generation Xeon Scalable processors are impacted but not the newest generation, known as Sapphire Rapids. It also affects Xeon D and Xeon E, used in micro-servers and low-end embedded systems, respectively. AMD’s vulnerability, known as Inception, is much more wide reaching. It affects all four generations of its Zen architecture on both the client and the server. Both bugs are related to speculative processing, similar to the Meltdown and Spectre bugs from a few years ago. So it’s falling to the software guys to clean up a mess made in the chip world. In posting a patch to the Linux kernel on Git, lead developer Linus Torvalds grumbled “this is yet another issue where userspace poisons a microarchitectural structure which can then be used to leak privileged information through a side channel.” There is apparently a performance hit to be had, at least on the Linux side. The GCC compiler, the standard open-source compiler use by Linux, has been updated to work around any performance hits, according to Phoronix.com. Both Intel and AMD have issued firmware updates to their hardware to address the problem. Intel’s is here, and AMD’s can be found here. So start by downloading the microcode to update your firmware from the appropriate site. Intel and AMD have each released microcode updates. They are required to install the Linux security patches, which will be in the upcoming Linux 6.5 kernel as well as versions 6.4.9, 6.1.44, 5.15.125, 5.10.189, 4.19.290, and 4.14.321. This covers the Linux 6.4 stable series and kernels under long-term support. For its part, Microsoft released a fix for Downfall; details can be found here. The fix is part of the August update, so if you have installed the August fixes, you should be good to go. Intel’s vulnerability did not require a system update to enable protections, and Microsoft recommends referring to documentation guidance available here. Related content news HPE, Dell launch another round of AI servers HPE unveils one server, and Dell launches several compute and storage products. By Andy Patrizio Oct 17, 2024 3 mins Servers Data Center news Dell updates servers with AMD AI accelerators The Dell PowerEdge XE9680 ships with Instinct MI300X accelerators, AMD's high-end GPU accelerators that are designed to compete with Nvidia Hopper processors. By Andy Patrizio Jul 17, 2024 3 mins Servers Data Center news Gartner: AI spurs 25% surge in data center systems spending Worldwide IT spending is expected to surpass $5 trillion in 2024, a 7.5% increase over 2023. Gartner's forecast reflects 'ravenous demand' for data center infrastructure. By Denise Dubie Jul 16, 2024 3 mins Generative AI Servers Data Center news Elon Musk’s Grok AI ‘compute factory’ will use Dell and Supermicro servers The factory’s location is still shrouded in mystery and shrink wrap. By John E. Dunn Jun 21, 2024 3 mins Generative AI Servers PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe