Massive security flaw found in Intel CPUs, patch could hit performance by up to 30%
This looks bad
By Rob Thubron on Jan 3, 2018, 4:00 AM 38 comments
Almost every Intel processor manufactured over the last decade contains a major security flaw that could be exploited in severe attacks. If that isn’t bad enough, patching the issue might slow down the performance of a CPU by up to 30 percent.
The exact details of the vulnerability have been placed under an embargo to give Intel time to work on a fix. According to The Register, the flaw could allow normal user programs to see some of the content of protected kernel memory areas, which means a malicious program might be able to read information such as passwords, login keys, files cached from disk, and more.
“Imagine a piece of JavaScript running in a browser, or malicious software running on a shared public cloud server, able to sniff sensitive kernel-protected data,” wrote The Register.
As the problem is within the Intel x86-64 hardware, it can’t be fixed with a microcode update; instead, an OS-level fix is required for the affected operating systems, which include Windows, Linux, and macOS.
The immediate solution comes in the form of Kernel Page Table Isolation (KPTI), which separates the kernel’s memory from that of user processes. But this solution increases the kernel’s overhead, causing the system to slow down by five to 30 percent, “depending on the task and processor model.”
These KPTI [Kernel Page Table Isolation] patches move the kernel into a completely separate address space, so it’s not just invisible to a running process, it’s not even there at all. Really, this shouldn’t be needed, but clearly there is a flaw in Intel’s silicon that allows kernel access protections to be bypassed in some way.
The downside to this separation is that it is relatively expensive, time wise, to keep switching between two separate address spaces for every system call and for every interrupt from the hardware. These context switches do not happen instantly, and they force the processor to dump cached data and reload information from memory. This increases the kernel’s overhead, and slows down the computer.
Your Intel-powered machine will run slower as a result.
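The overhead described above lands on every transition into the kernel, so the simplest way to see it on your own machine is to time a trivial system call. The following program is an added example written for this page, not code from the article or from The Register: it measures the average round trip of getppid() (which glibc never caches, so each call really enters the kernel) and, on Linux 4.15 and later, reads the kernel’s own Meltdown status line from /sys/devices/system/cpu/vulnerabilities/meltdown. The sysfs path and the three status strings it classifies (“Not affected”, “Vulnerable”, “Mitigation: PTI”) are the real ones the kernel exposes; the classification codes and function names are this example’s own choices.

```c
/* Added example, not from the article: measure per-syscall cost (the path
 * KPTI makes more expensive) and report the kernel's Meltdown status line. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

/* Average round-trip time in nanoseconds for one getppid() system call.
 * With KPTI active, every kernel entry and exit also switches the page-table
 * root, so this is a direct measure of the overhead the article describes.
 * Returns a negative value on bad input or if the monotonic clock fails. */
double syscall_round_trip_ns(long iterations)
{
    struct timespec start, end;
    if (iterations <= 0)
        return -1.0;
    if (clock_gettime(CLOCK_MONOTONIC, &start) != 0)
        return -1.0;
    for (long i = 0; i < iterations; i++)
        (void)getppid();   /* never cached in userspace: a real kernel entry */
    if (clock_gettime(CLOCK_MONOTONIC, &end) != 0)
        return -1.0;
    double elapsed_ns = (double)(end.tv_sec - start.tv_sec) * 1e9
                      + (double)(end.tv_nsec - start.tv_nsec);
    return elapsed_ns / (double)iterations;
}

/* Classify the one-line status the kernel exposes in
 * /sys/devices/system/cpu/vulnerabilities/meltdown (Linux 4.15+).
 * Codes are this example's own: 1 = PTI mitigation active, 0 = vulnerable,
 * -1 = CPU not affected, -2 = unrecognised or missing. */
int classify_meltdown_status(const char *line)
{
    if (line == NULL)
        return -2;
    if (strncmp(line, "Not affected", 12) == 0)
        return -1;
    if (strncmp(line, "Mitigation: PTI", 15) == 0)
        return 1;
    if (strncmp(line, "Vulnerable", 10) == 0)
        return 0;
    return -2;
}

/* Read the first line of a file into buf (newline stripped).
 * Returns 0 on success, -1 if the file is missing or empty. */
int read_first_line(const char *path, char *buf, size_t n)
{
    FILE *f = fopen(path, "r");
    if (f == NULL)
        return -1;
    if (fgets(buf, (int)n, f) == NULL) {
        fclose(f);
        return -1;
    }
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return 0;
}

int main(void)
{
    const char *path = "/sys/devices/system/cpu/vulnerabilities/meltdown";
    char status[128];

    if (read_first_line(path, status, sizeof status) == 0)
        printf("%s: %s (class %d)\n", path, status,
               classify_meltdown_status(status));
    else
        printf("%s not present (kernel older than 4.15, or not Linux)\n", path);

    double ns = syscall_round_trip_ns(200000);
    if (ns < 0.0) {
        fprintf(stderr, "timing failed\n");
        return 1;
    }
    printf("getppid() round trip: %.1f ns\n", ns);
    return 0;
}
```

To see the cost KPTI adds, run the program on a patched Linux kernel once with its default settings and once after rebooting with the kernel command-line option `pti=off` (or `nopti`), which disables the mitigation; the sysfs line should read “Mitigation: PTI” in the first run and “Vulnerable” in the second, and the per-call time should drop noticeably in the second. Workloads that make few system calls will show a much smaller difference than this microbenchmark, which is why the article’s five to 30 percent range is so wide.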
Companies running virtualized environments appear to be the most exposed to anyone looking to exploit the vulnerability. "There are hints the attack impacts common virtualization environments including Amazon EC2 and Google Compute Engine,” wrote Python Sweetness. Microsoft, Amazon, and Google are all working on fixes set to be rolled out over the next week.
For home users, the patches may have little impact on day-to-day usage and gaming frame rates. Additionally, future fixes should have less of an effect on performance.
Intel rival AMD has already used the vulnerability as a way of promoting its processors, which it says aren’t affected due to their extra security protections.
“AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against,” wrote Thomas Lendacky, a member of the Linux OS group at AMD. “The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.”