(Update 04/01/18): Intel has released a statement over the security concerns raised below. It seems that this may not be an issue unique to Intel’s own CPUs and any performance impacts will be mitigated over time. You can find more details HERE.
(Original Story 03/01/18): This week it has emerged that a design flaw in Intel’s CPUs is causing a major security bug, forcing OS makers to make design changes to kernels in order to fix. The bug is present in Intel CPUs produced over the last decade and since a microcode update won’t do the trick, it’s up to the likes of Microsoft, Apple and Linux Distros to fix it themselves, which will lead to a negative impact on performance.
According to the folks at The Register, this chip-level security flaw affects Linux macOS and Windows, leaving programmers scrambling to issue a patch. Currently, Microsoft is expected to publicly introduce the necessary changes to Windows in an upcoming Patch Tuesday. However, it will bring in a performance hit, with the ballpark figure being somewhere between five and 30 percent depending on the processor model and what task you are performing.
The security flaw is found in Intel x86-64 hardware and unfortunately it seems that a microcode update from Intel won’t be able to fix it. This means OS makers will need to fix the issue themselves. Specific details of the vulnerability are currently under embargo, with a public announcement expected this month following the necessary patches.
What we do know is that the bug is present in Intel CPUs produced over the last decade. It allows access to the contents of protected kernel memory areas via normal user processes and applications. To fix this, OS makers need to separate the kernel’s memory completely from user processes. So going forward, when a program needs to do something, it will take longer for the CPU to access the kernel, get the job done and switch back to user mode, which is where the performance hit comes in.
Where does this leave AMD? Well over Christmas AMD sent the following message to the Linux kernel mailing list, stating that its own processors are not affected by this bug: “AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.”
Fundamentally, this bug acts as a security flaw on Intel powered systems. In a best case scenario, it could be used by cyber attackers to exploit other security bugs more easily. In a worst case scenario, it could allow for someone to read the contents of the kernel’s memory, which is usually hidden and can contain all sorts of data, ranging from login keys, files cached from disk, passwords etc.
Intel has already been in contact with OS makers to get the ball rolling on a fix, so expect to hear more about this soon when patches start rolling out for Windows, Linux and macOS.
KitGuru Says: This is a bad scenario for Intel and its customers to find themselves in, particularly given that the main fix will have a negative impact on performance. We’ll keep an eye out for any further updates to this story.