Report: All Intel Processors Made In The Last Decade Might Have A Massive Security Flaw


There are small screwups and big screwups. Here is a tremendously huge screwup: virtually all Intel processors produced in the last decade have a major security hole that could allow “normal user programs – from database applications to JavaScript in web browsers – to discern to some extent the layout or contents of protected kernel memory areas,” the Register reports.

Essentially, modern Intel processors have a design flaw that could allow malicious programs to read protected areas of a device’s kernel memory (memory dedicated to the most essential core components of an operating system and their interactions with system hardware). This flaw could potentially expose protected information like passwords. Since the error is baked into the Intel x86-64 hardware, it requires an OS-level overwrite to patch – on every major operating system, including Windows, Linux, and macOS.

The exact details of the design flaw and the extent to which users are vulnerable are being kept under wraps for now, per the Register, though, since developers appear to be rushing to patch systems in the coming weeks, it is likely very bad. In the absolute worst-case speculative scenario, something as simple as JavaScript running on a webpage or cloud-hosted malware could gain access to some of the most sensitive inner workings of an Intel-based device.

Because the fix entails severing kernel memory entirely from user processes, patched OSes could potentially see a massive performance hit of “five to 30 per cent slowdown, depending on the task and processor model”:

These KPTI [Kernel Page Table Isolation] patches move the kernel into a completely separate address space, so it’s not just invisible to a running process, it’s not even there at all. Really, this shouldn’t be needed, but clearly there is a flaw in Intel’s silicon that allows kernel access protections to be bypassed in some way.

The downside to this separation is that it is relatively expensive, time wise, to keep switching between two separate address spaces for every system call and for every interrupt from the hardware. These context switches do not happen instantly, and they force the processor to dump cached data and reload information from memory. This increases the kernel’s overhead, and slows down the computer.

Your Intel-powered machine will run slower as a result.

Five to 30 per cent is a jaw-dropping number, but because of all the secrecy right now it’s difficult to tell how noticeable the impact will actually be for consumer use — enterprise-scale systems like cloud computing are likely to be the hardest hit. For the average user, it’s possible that the impact will be negligible. It’s also possible that a better implementation of the solution in future patches could reduce the performance hit.
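The slowdown the Register describes comes from the kernel entry and exit that every system call now pays for. As an added example that is not part of the article, the small C program below reads the Linux kernel’s own Meltdown status line from sysfs (available from Linux 4.15 onward; the path is this example’s choice) and times a trivial system call so you can compare a machine before and after the KPTI patch. Absolute numbers vary by CPU and kernel, so the figure is only meaningful relative to the same box unpatched.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

/* Return the kernel's report on Meltdown (e.g. "Mitigation: PTI").
 * On kernels or systems without this sysfs file, "unknown" is returned. */
const char *meltdown_status(void) {
    static char buf[256];
    FILE *f = fopen("/sys/devices/system/cpu/vulnerabilities/meltdown", "r");
    if (f == NULL || fgets(buf, (int)sizeof buf, f) == NULL) {
        if (f != NULL) fclose(f);
        snprintf(buf, sizeof buf, "unknown");
        return buf;
    }
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';   /* strip the trailing newline */
    return buf;
}

/* Average cost, in nanoseconds, of one getppid() call.  Each call crosses
 * into the kernel and back; with KPTI that round trip also swaps page tables
 * twice, which is the overhead the article is talking about.
 * Returns -1.0 for a non-positive iteration count or a clock failure. */
double syscall_cost_ns(long iterations) {
    struct timespec start, end;
    if (iterations <= 0) return -1.0;
    if (clock_gettime(CLOCK_MONOTONIC, &start) != 0) return -1.0;
    for (long i = 0; i < iterations; i++) {
        (void)getppid();              /* not vDSO-accelerated: a real kernel entry */
    }
    if (clock_gettime(CLOCK_MONOTONIC, &end) != 0) return -1.0;
    double elapsed_ns = (double)(end.tv_sec - start.tv_sec) * 1e9
                      + (double)(end.tv_nsec - start.tv_nsec);
    return elapsed_ns / (double)iterations;
}

int main(void) {
    printf("kernel reports meltdown: %s\n", meltdown_status());
    printf("getppid() round trip: ~%.0f ns\n", syscall_cost_ns(1000000));
    return 0;
}
```

Run it once on the unpatched kernel and once after the KPTI update; a syscall-heavy workload such as a database scales with this per-call number, which is why the hit is workload-dependent.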

“Urgent development of a software mitigation is being done in the open and recently landed in the Linux kernel” in redacted form, “and a similar mitigation began appearing in NT kernels in November,” the Python Sweetness blog wrote on Monday. “In the worst case the software fix causes huge slowdowns in typical workloads … There are hints the attack impacts common virtualization environments including Amazon EC2 and Google Compute Engine.”

One problem with exploits is that even if this one is buried so deep it took ten years to find it, there’s no putting the cat back in the bag post-discovery. At the very least, the tiny slice of the market running AMD processors has some grounds to feel pleased about themselves.

[The Register/Hot Hardware]


    • Seriously tho.

      At first when I read this article I was like “Dammit now mum is going to see all my porn channels”. But a moment later I realised the timing of this announcement and Apple’s scandal can’t be a coincidence.

      I’m pretty sure this “30%” slowdown is really just a case of every other company realising they are now legally free to sell you a computer, then cripple it, in order to make you buy next year’s model.

      It’s a free market. Why wouldn’t you?

  • The headline may be a bit misleading… here is part of Intel’s statement. According to them the problem is not unique to Intel processors.

    “Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.
    Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.”

    • Of course Intel would try and deflect blame, they are a company and will lose money.

      It also depends what specific flaw Intel are choosing to talk about.

  • There are now 2 exploits, Meltdown (Intel) and Spectre (ARM and AMD).
    At the moment it appears to affect 64-bit systems only and is a flaw in the way speculative execution works.

    • Almost correct. Yes, the vulnerability is now split into two variants. Meltdown is Intel, but Spectre affects Intel, AMD, and ARM … actually, any processor that uses speculative execution.

      Meltdown takes advantage of a flaw in Intel speculative execution that will fetch data from protected memory. Spectre is a generic range of attacks that use speculative execution and side channels to figure out protected data. In the future, it’s likely that specific Spectre vulnerabilities will get different codenames.

      Both 32- and 64-bit systems are affected. Indeed, the number of bits is irrelevant. This is to do with how a processor runs instructions, not the instruction set.

      • I did say at the moment, when I posted. At the time Intel were saying latest-generation chips, and I can’t think of a 32-bit CPU that is the latest generation from any of the manufacturers. But yes, as more details come to light, any CPU that allows out-of-order execution is open to vulnerabilities.

        • Yep, no worries. Just expanding on your post, and correcting misconceptions of the time. As we start to understand more about how the vulnerabilities work, it becomes pretty apparent what’s affected.

          I have no idea how they’ll fix Spectre. There’s no obvious solution, especially given the generic nature of the beast. It’ll be something that will continue to affect us for years to come. Mind you, it’s also extremely hard to take advantage of, so attacks may be impractical for the most part.
