A newly discovered silicon-level flaw in Intel's chip designs is forcing operating system manufacturers to update kernels and other software components to rectify the issue, changes that will reportedly result in performance slowdowns of up to 30 percent.
According to a report from The Register, the security flaw grants user applications a certain level of access to protected kernel memory data, which can include everything from passwords to application keys and file caches.
While details surrounding the bug are being kept under wraps until fixes are issued for major operating systems like Microsoft's Windows and the open-source Linux, the vulnerability is present in Intel x86 hardware produced during the past decade. That includes processors in past and current Macs.
Importantly, Intel is unable to close the hole with a firmware update, leaving operating system manufacturers like Microsoft and Apple to push out fixes on their end. Alternatively, users can purchase a new processor that does not contain the fault.
Microsoft is reportedly preparing to release fixes for Windows in an upcoming Patch Tuesday release, with the update due to arrive as early as next week. Recent patches to Linux's kernel virtual memory system yield clues as to what is amiss, and what remedies developers plan to implement in the coming days.
Linux programmers have elected to completely separate a system's kernel memory from system processes using Kernel Page Table Isolation (KPTI). KPTI patches move the kernel from virtual memory address spaces into its own distinct address space.
The drastic measure suggests Intel's silicon contains a fundamental flaw that could allow user programs to usurp kernel protections. Exactly how the built-in security protocols can be bypassed, or by what mechanism the kernel is being made available to user programs, is unknown.
Separating the kernel into its own address space comes at a hefty premium on operating performance, with current benchmarks showing a five to 30 percent slowdown depending on task and CPU model, the report said.
Aside from Microsoft's Windows and Linux, 64-bit versions of Apple's macOS are also open to the vulnerability. Beyond personal computers, some believe cloud services like Amazon EC2, Microsoft Azure and Google Compute Engine are impacted by the bug and will need to be updated.