Just two days into 2018 and Intel seems to have run out of luck. Reports have started emerging, suggesting that Intel processors suffer from a major security bug. To make matters worse, this is said to be a design flaw, which isn’t exactly easy to fix. And even when the fix is available, there will be an appreciable dip in performance.

According to the report, this is a “fundamental design flaw” that is “present in modern Intel processors produced in the past decade.”

The Register, who first reported this, explains:
At worst, the hole could be abused by programs and logged-in users to read the contents of the kernel’s memory. Suffice to say, this is not great. The kernel’s memory space is hidden from user processes and programs because it may contain all sorts of secrets, such as passwords, login keys, files cached from disk, and so on. Imagine a piece of JavaScript running in a browser, or malicious software running on a shared public cloud server, able to sniff sensitive kernel-protected data.

A patch for this architectural security bug isn’t convenient either. The report explains that the fix could cut performance by somewhere between 5 and 30 percent. The reason is that, with the fix in place, the processor must change the way it dumps cached data and reloads information from memory.

Currently, Microsoft and Linux developers are working on the fix. The bug also affects Intel-powered Macs, but Apple’s plans aren’t clear at the moment. Because of the severity of the flaw, it can’t be fixed with a small hotfix or microcode update, but rather requires an OS-level fix, which is what complicates the matter.
These Kernel Page Table Isolation patches move the kernel into a completely separate address space, so it’s not just invisible to a running process, it’s not even there at all. Really, this shouldn’t be needed, but clearly there is a flaw in Intel’s silicon that allows kernel access protections to be bypassed in some way.

The downside to this separation is that it is relatively expensive, time wise, to keep switching between two separate address spaces for every system call and for every interrupt from the hardware. These context switches do not happen instantly, and they force the processor to dump cached data and reload information from memory. This increases the kernel’s overhead, and slows down the computer.
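The syscall overhead described above is something you can observe directly. The following is an added example, not code from the article or from The Register: on a Linux host it reads the kernel’s own report of its Meltdown mitigation state from sysfs and times a cheap raw system call, the path that KPTI’s address-space switch makes more expensive. Run it once on a patched kernel and once with the mitigation off to see the difference the report describes.

```c
// Added example (not from the article): read the kernel's reported Meltdown
// mitigation state and measure the round-trip cost of a trivial system call,
// which is the path KPTI makes more expensive. Linux only.
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <sys/syscall.h>

// Returns 1 if sysfs reports "Mitigation: PTI", 0 for any other report
// ("Vulnerable", "Not affected"), and -1 if the file is missing (older
// kernel, non-Linux host, or a restricted container).
int kpti_status(void) {
    char line[256] = {0};
    FILE *f = fopen("/sys/devices/system/cpu/vulnerabilities/meltdown", "r");
    if (!f) return -1;
    if (!fgets(line, sizeof line, f)) { fclose(f); return -1; }
    fclose(f);
    return strstr(line, "PTI") != NULL ? 1 : 0;
}

// Average wall-clock nanoseconds per getppid() syscall over 'iters' calls.
// getppid does almost no work in the kernel, so its cost is dominated by the
// user/kernel transition, the part KPTI's address-space switch slows down.
double syscall_ns_per_call(long iters) {
    struct timespec t0, t1;
    clock_gettime(CLOCK_MONOTONIC, &t0);
    for (long i = 0; i < iters; i++)
        syscall(SYS_getppid);   // raw syscall: no libc caching, no vDSO shortcut
    clock_gettime(CLOCK_MONOTONIC, &t1);
    double ns = (double)(t1.tv_sec - t0.tv_sec) * 1e9
              + (double)(t1.tv_nsec - t0.tv_nsec);
    return ns / (double)iters;
}

int main(void) {
    int s = kpti_status();
    printf("meltdown sysfs status: %s\n",
           s == 1 ? "Mitigation: PTI" : s == 0 ? "no PTI reported" : "unknown");
    printf("getppid(): %.1f ns/call\n", syscall_ns_per_call(1000000));
    return 0;
}
```

The absolute numbers depend on the CPU and kernel; the point is the ratio between runs with and without the mitigation.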
Also, since this is an x86-level issue that has been present for the past decade, even AMD might not be out of the woods just yet. But as of now, neither Intel nor AMD has made any official remarks on this report. If this turns out to be true, it is surely going to send shockwaves through the industry, and it is especially bad for Intel, whose boat is still rocking from the storm that AMD’s Ryzen caused. We’ll update you on this as the story develops.
