A newly discovered silicon-level flaw in Intel's chip designs is forcing operating system manufacturers to update kernels and other software components to rectify the issue, changes that will reportedly result in performance slowdowns of up to 30 percent.
According to a report from The Register, the security flaw grants user applications a certain level of access to protected kernel memory data, which can include everything from passwords to application keys and file caches.
While details surrounding the bug are being kept under wraps until fixes are issued for major operating systems like Microsoft's Windows and the open-source Linux, the vulnerability is present in Intel x86 hardware produced during the past decade. That includes processors in past and current Macs.
Importantly, Intel is unable to close the hole with a firmware update, leaving operating system manufacturers like Microsoft and Apple to push out fixes on their end. Alternatively, users can purchase a new processor that does not contain the fault.
Microsoft is reportedly preparing to release fixes for Windows in an upcoming Patch Tuesday release, with the update due to arrive as early as next week. Recent patches to Linux's kernel virtual memory system yield clues as to what is amiss, and what remedies developers plan to implement in the coming days.
Linux programmers have elected to completely separate a system's kernel memory from user processes using Kernel Page Table Isolation (KPTI). The KPTI patches move the kernel out of each process's virtual memory address space and into its own distinct address space.
The drastic measure suggests Intel's silicon contains a fundamental flaw that could allow user programs to usurp kernel protections. Exactly how the built-in security protocols can be bypassed, or by what mechanism the kernel is being made available to user programs, is unknown.
Separating the kernel into its own address space comes at a hefty premium on operating performance, with current benchmarks showing a five to 30 percent slowdown depending on task and CPU model, the report said.
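Because the isolation carries that performance cost, it is worth confirming on each Linux host that it is actually active and has not been switched off at boot. The following check is an added example, not code from the report or from the kernel patches. It assumes an x86 Linux kernel that lists `pti` among the CPU flags in `/proc/cpuinfo` when isolation is on and that honors the `nopti`, `pti=off` and `mitigations=off` boot parameters; the function name `kpti_state` and the sample files are made up for illustration.

```shell
#!/bin/sh
# kpti_state [CPUINFO] [CMDLINE]   (hypothetical helper name)
# Prints: enabled | disabled-by-boot-param:<arg> | not-reported | unknown
kpti_state() {
    cpuinfo=${1:-/proc/cpuinfo}
    cmdline=${2:-/proc/cmdline}
    [ -r "$cpuinfo" ] && [ -r "$cmdline" ] || { echo unknown; return 0; }

    # A kernel running with page table isolation lists "pti" in the x86 CPU flags.
    # Match the whole token so a longer flag name cannot produce a false positive.
    if grep '^flags' "$cpuinfo" | head -n 1 | tr ' \t' '\n\n' | grep -qx pti; then
        echo enabled
        return 0
    fi

    # Flag absent: report whether a boot parameter switched isolation off.
    for arg in $(cat "$cmdline"); do
        case $arg in
            nopti|pti=off|mitigations=off)
                echo "disabled-by-boot-param:$arg"
                return 0 ;;
        esac
    done

    # No flag and no opt-out: unpatched kernel, or a CPU the kernel treats as unaffected.
    echo not-reported
}

# Constructed sample inputs (not captured from a real host).
demo() {
    d=$(mktemp -d)
    printf 'flags\t\t: fpu vme pge pti\n' > "$d/cpu_on"
    printf 'flags\t\t: fpu vme pge\n'     > "$d/cpu_off"
    echo 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet'       > "$d/cmd_default"
    echo 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet nopti' > "$d/cmd_nopti"
    echo "patched host:      $(kpti_state "$d/cpu_on"  "$d/cmd_default")"
    echo "opted out:         $(kpti_state "$d/cpu_off" "$d/cmd_nopti")"
    echo "old kernel or n/a: $(kpti_state "$d/cpu_off" "$d/cmd_default")"
    rm -rf "$d"
}
demo
```

Called with no arguments, `kpti_state` reads the live `/proc/cpuinfo` and `/proc/cmdline`; a `not-reported` result on a patched fleet is the case to follow up.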
Aside from Microsoft's Windows and Linux, 64-bit versions of Apple's macOS are also open to the vulnerability. Beyond personal computers, some believe cloud services like Amazon EC2, Microsoft Azure and Google Compute Engine are impacted by the bug and will need to be updated.
90 Comments
In a just world this truly horrendous issue should crash Intel's stock, but probably won't; only Apple seemingly gets any scrutiny for anything even when it is trivial.
If an OS-level patch can "fix" a security flaw built into CPU HW then an OS-level SW hack may be able to exploit it.
This seems like exceptionally bad news - for everyone. Just knowing this flaw exists, even without details, means the bad actors of the world will be working overtime to find an exploit. And then they'll work to find an exploit to the fix. This has got to be Intel's biggest screwup ever. It would be nice to get some info eventually on what chips/machines are affected and by how much.
If Intel has or can fix this HW issue then I will demand a replacement Mac for every Mac I own. Software won’t fix a HW issue that a hack can’t exploit. I see a class action lawsuit against Intel not Apple.
Does anyone remember the Intel division bug?