#Fail: Intel Chips Have Memory Access Design Flaw & The Fix Could Lead To A Performance Drop

This isn’t good. A serious design flaw and security vulnerability has been discovered in Intel’s CPUs that will require an update at the operating system level to fix, reports The Register:

Programmers are scrambling to overhaul the open-source Linux kernel’s virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December.

So a fix is inbound. But the fix might be worse than the cure:

Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we’re looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features – such as PCID – to reduce the performance hit. Your mileage may vary.

And for you Mac fans out there, you’re affected too. Not to mention quite a few other operating systems:
Similar operating systems, such as Apple’s 64-bit macOS, will also need to be updated – the flaw is in the Intel x86-64 hardware, and it appears a microcode update can’t address it. It has to be fixed in software at the OS level, or go buy a new processor without the design blunder.
Excellent. And by excellent I mean that this sucks. So, what is the actual vulnerability:

At best, the vulnerability could be leveraged by malware and hackers to more easily exploit other security bugs.

At worst, the hole could be abused by programs and logged-in users to read the contents of the kernel’s memory. Suffice to say, this is not great. The kernel’s memory space is hidden from user processes and programs because it may contain all sorts of secrets, such as passwords, login keys, files cached from disk, and so on. Imagine a piece of JavaScript running in a browser, or malicious software running on a shared public cloud server, able to sniff sensitive kernel-protected data.

Now the details are light and understandably so. Though one suspects that some evil doer is likely trying to figure out how to exploit this as we speak. What details do exist can be found at The Register story that I linked to. But this is a major screw up by Intel which is further underscored by the fact that AMD processors don’t have this issue. And seeing as it affects Intel processors that have been around for the last 10 year or so, this will likely be a significant story in 2018.

UPDATE: Mac users apparently don’t have to worry. If you’re running macOS 10.13.2, it was fixed in that version according to kernel expert Alex Ionescu:

And if you were worried about a performance drop because of this fix on your Mac:

 

Oh yeah. Proof of concept exploit code now exists, which is bad of course:

Advertisements

One Response to “#Fail: Intel Chips Have Memory Access Design Flaw & The Fix Could Lead To A Performance Drop”

  1. […] This morning it came to light that there was a memory access design flaw in Intel processors and fixing it could lead to a performance …. […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

%d bloggers like this: