Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Billions of Intel CPUs are leaking passwords and killing performance

An Intel processor over a dark blue background.

A scary vulnerability has recently been discovered in some Intel processors, and while the best CPUs are not affected, billions of chips could be. According to the researcher who first spotted the Downfall vulnerability, “everyone on the internet is affected.” This is made worse by the fact that a skilled hacker could steal some of the most sensitive data from affected computers, including passwords.

Downfall was discovered by a senior research scientist from Google, Daniel Moghimi, who created a page dedicated to it, detailing how it works and what it can possibly do. Downfall targets the Gather Instruction in Intel chips, which normally helps the CPU quickly access various data spread all over different parts of its memory. However, with the flaw, internal hardware registers can be exposed to software. If the software is compromised, it’s possible that hackers could seize sensitive data from the PC.

The affected CPUs all belong to Intel’s mainstream and server processor lineups, starting from Skylake all the way up to Rocket Lake. This means that, unless you’ve upgraded your CPU in the last few years, you’re definitely affected, but you can check out Intel’s full list of chips that are vulnerable.

As Moghimi notes,  you don’t even need to own an Intel processor to potentially be affected. As Intel dominates the server market, cloud computing environments might be hit by this as well, where “malicious customer could exploit the Downfall vulnerability to steal data and credentials from other customers who share the same cloud computer,” says Moghimi.

While pulling off an actual hack with Downfall seems tricky, there’s a lot at stake, which is why Intel has already released a fix — but the downside is a massive performance loss. Intel was quick to say it would be releasing new microcode for the chips that are affected, and it recommended that users update their firmware to prevent being affected by Downfall. It’s here now, but as noted by Phoronix, the price to pay for not having your password leaked is massive.

A person using a laptop with a set of code seen on the display.
Sora Shimazaki / Pexels

Intel itself estimated a performance loss of up to 50%, with AVX instructions most affected. The good news is that for most users, this won’t be an issue, but the bad news is that AI-related workloads and overall high-performance computing (HPC) tasks are hit pretty hard.

Phoronix tested the impact on Linux with four different CPUs, including a Xeon Platinum 8380, Xeon Gold 6226R, and an Intel Core i7-1165G7. Performance losses range from 6% up to 39%, which, while not as bad as Intel predicted, is still not great.

You don’t need to update your processor if you’re not worried about being affected by Downfall. While Moghimi recommends it, Intel itself allows users to opt out of the extra mitigation in order to restore the full performance of their CPU. If you’re not using your PC for HPC tasks, it sounds like you might as well keep the mitigation on, but Intel has detailed the process of turning it off if you’d rather get rid of it.

Editors' Recommendations

Monica J. White
Monica is a UK-based freelance writer and self-proclaimed geek. A firm believer in the "PC building is just like expensive…
Intel 14th-gen Meteor Lake: architecture, specs, and performance
On-package memory on Intel Meteor Lake processors.

Intel's 14th-gen Meteor Lake processors are here, and they're ready to compete against some of the best processors for laptops. While they don't currently -- and may never -- have desktop counterparts, Meteor Lake chips bring improved graphics performance, AI capabilities, and high core counts to thin and light laptops.

What's new in Meteor Lake, and what will these CPUs excel at? With Intel's announcement, we now know the answers to those questions.
Pricing and release date

Read more
Some surprising details on Intel’s upcoming 14th-gen laptops just leaked
Intel's new Intel Core Ultra badge.

One of the first laptops powered by Intel’s upcoming 14th-gen Meteor Lake CPUs has been spotted online, and based on what we're seeing, the prices look surprisingly affordable.

The information originated on X (formerly Twitter) from @momomo_us, who initially shared details about these new laptops via Newegg US. The post disclosed information about the expected CPUs and key specifications of the laptops. Among MSI's lineup of work laptops featuring Meteor Lake CPUs, the Prestige 13 and 16 are the first ones identified. The leak also mentions the CreatorPro 16 Studio, as well as popular gaming SKUs, the Stealth 14 and 16, although specs for these were not provided.

Read more
CPU owners are suing Intel. Here’s the surprising reason why
Intel CEO Pat Gelsinger holding a chip.

Five unhappy owners of Intel CPUs have just started a class action lawsuit against the company following the discovery that, allegedly, Intel knowingly sold processors affected by a dangerous vulnerability -- and it has been doing this for years. The flaw in question is called Downfall, and while it doesn't affect Intel's best CPUs, it's present in chips ranging from the 6th to the 11th generation of Intel processors.

Dating back to Skylake CPUs and still present in Rocket Lake chips, the Downfall vulnerability was first made public by security researcher Daniel Moghimi. This flaw targets the Gather Instruction process in Intel CPUs. Normally, this allows the CPU to quickly access various data in its memory, but unfortunately, this also means that any vulnerabilities within Gather Instruction grant the threat actor a lot of access to the affected PC. Be it through malware or by direct access, attackers could potentially steal a lot of sensitive data from affected chips.

Read more