Intel logo

Intel released a statement earlier today denying media reports that upcoming patches for a yet-to-be-disclosed security bug cause huge performance dips for devices using Intel CPUs.

The vulnerability —detailed in a previous Bleeping Computer article here— is said to be a security issue that impacts Intel processors mainly.

Details about this vulnerability are currently kept under wraps due to concerns of potential attacks that might try to exploit the bug.

Intel says other vendors are also affected

In its statement, Intel acknowledged the security issue for the first time but said that other vendors are also affected, and this is not an Intel-only issue.

Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.

Intel is right. The patches for the said security issue apply to CPUs from all vendors, not just Intel, and address general design issues in kernel memory management.

The confusion that only Intel is affected comes after an AMD engineer said that AMD processors are not affected by the vulnerability, even recommending that users disable the new security feature introduced in Linux kernels to address the flaw, fearing performance dips in AMD CPUs.

Intel says performance dip is not significant

While Intel acknowledged the security issue, the company's execs have a bone to pick with all the news stories that put a focus on "performance dips" in Intel CPUs.

Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.

Intel is committed to the industry best practice of responsible disclosure of potential security issues, which is why Intel and other vendors had planned to disclose this issue next week when more software and firmware updates will be available. However, Intel is making this statement today because of the current inaccurate media reports.

There have been many articles published in the media claiming that Intel CPUs suffer between a 5% to 50% drop in processing speed due to the patches.

Even before the Intel statement, some experts —including Linus Torvalds— have tried to set the record straight by saying that performance dip varies based on the type of operations each process is running, and that normal PC users won't be affected.

Many hardware and software experts also pointed out that many of the benchmark tests that evaluated Intel CPU performance were carried out by comparing stable OS versions against patched but in-dev OS versions, which weren't optimized and would most likely receive more fixes.

Intel stock took a tumble

Despite this, there's been an abundance of negative headlines that piled up on Intel with claims of poor performance. These headlines caused Intel stock price to plummet by 8% earlier today, while AMD rose by 7%, just because the company stated they were not affected. AMD stock price dropped back to yesterday's levels after the Intel press release, while Intel stock is still 4% under yesterday's value.

But even after clarifying the problem of perceived performance issues, some users believe that Intel is now downplaying the security issue's overall impact [1, 2].

Intel has a market share of than 80 percent on desktops and more than 90 percent on the laptop and server markets. The Intel statement is available here.

UPDATE: Google has published details regarding flaws affecting almost all CPUs released in the last two decades, confirming Intel's statement. The flaws affect everything from smartphones to cloud servers, and from desktops to laptops. CPUs from all chipset vendors are vulnerable.

Related Articles:

Spectre and Meltdown Hardware Protection Added to Intel's 9th Gen CPUs

The Intel Microcode Boot Loader Protects Older CPUs From Spectre

New PortSmash Hyper-Threading CPU Vuln Can Steal Decryption Keys

Apple Fixes Passcode Bypass, RCE Vulnerabilities, and More in Today's Updates.

Adobe Flash Player Update Released for Remote Code Execution Vulnerability