A speculative execution vulnerability dubbed "Downfall"
A speculative execution vulnerability dubbed “Downfall” could cost Intel billions of dollars in a potential class-action lawsuit, as the chipmaker faces a security crisis following the discovery of the “bug” affecting billions of its processors. The Downfall bug can cause up to 39% performance reduction, underlining the growing impact of such vulnerabilities on performance, and as a result, Intel could face a big bill from businesses and consumers as a result of the potential class action.
The Downfall vulnerability allows malicious third-party apps to steal sensitive information from users, posing a significant risk to business and consumer data. The Bathaee Dunne LLP law firm, which is investigating a class-action lawsuit against Intel, says that consumers and businesses are at risk of data breaches.
“As the Downfall vulnerability can reduce the performance of affected computers and servers by up to 39% and poses a serious security threat, the affected businesses suffered financial harm due to the cost of replacing affected computers, servers, and other affected devices,” the law firm says. “Businesses and consumers also face the risk of data breaches as a result of the Downfall vulnerability if it is not addressed.”
The firm says that if the Downfall vulnerability is not addressed, it could result in data breaches. It says that businesses typically suffer financial harm as a result of data breaches, including the cost of replacing affected computers, servers, and other affected devices.
“As a result, the Downfall vulnerability poses a serious security threat to businesses and consumers,” Bathaee Dunne says. “If left unaddressed, the Downfall vulnerability threatens to undermine public trust in the products and services offered by Intel and its partners.”
The Downfall bug targets speculative execution, which is the core technology used by many modern CPUs to boost performance. Intel has released software mitigations for the vulnerability, but they come at an average performance cost of around 39%. Certain scenarios could see performance decline by as much as 50%, calling into question the viability of affected processors.
Intel’s affected processors range from 6th-gen to 11th-gen, and include Xeon products. The Downfall vulnerability could hit Intel’s bottom line, as businesses and consumers face the choice of either buying a potentially affected CPU and risking a data breach, or suffering a significant performance hit by using mitigations.
The Downfall vulnerability is just the latest in a string of speculative execution vulnerabilities that have emerged this year. AMD has also faced vulnerabilities, raising questions about potential impacts on the businesses caused by speculative execution bugs.
Intel’s reputation and financial standing could take a big hit as a result of the potential class action lawsuit, with answers needed as to why speculative execution vulnerabilities are continuing to emerge, and what can be done to address them.
Check out our guide on the Downfall vulnerability to learn more about the speculative execution bug.