Programmers at Intel, Microsoft, and other organizations are working to patch a serious security flaw in Intel processors that could leave protected data on PCs and servers vulnerable to hacks and malicious software.
The flaw, which appears to affect all Intel chips made over the past 10 years or so, opens up the potential for bad actors to exploit the kernels at the heart of Linux- and Windows-based operating systems. Details about how such exploits might work have been kept largely under wraps until patches can be developed and applied. And Intel has yet to comment publicly on the processor vulnerability.
Some Linux patches have already been released, and Microsoft could make a fix available during next week's Patch Tuesday. However, those solutions could significantly slow device speeds -- anywhere between 5 percent and 30 percent, according to recent reports. That could affect not only business and consumer PCs but servers run by cloud services giants, such as Amazon, Google, and Microsoft.
Flaw Details under Embargo
While news about the Intel chip flaw and its possible fixes has been circulating in the developer and programmer world for a few months, the problem has just recently come to light for mainstream computer users. The Register noted yesterday that details about the bug are currently embargoed pending the release of effective patches.
The problem with such KPTI (kernel page-table isolation) fixes is that they require systems to switch from one address space for process virtual memory to a separate address space for kernel memory every time a program needs to access kernel mode.
"The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 percent slow down, depending on the task and the processor model," The Register reported. "More recent Intel chips have features -- such as PCID [process-context identifiers] -- to reduce the performance hit."
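An administrator can read both facts mentioned above, whether page-table isolation is active and whether the CPU advertises PCID, from a Linux host. The following is an added example, not code from the article or from any vendor; it assumes a kernel that exposes the `pti` and `pcid` flags in /proc/cpuinfo and the sysfs file /sys/devices/system/cpu/vulnerabilities/meltdown. The function names and the sample text are constructed for illustration.

```python
from pathlib import Path

SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/meltdown")
# Leading text of the sysfs file mapped to a status label used here.
SYSFS_STATES = {"Not affected": "not_affected",
                "Mitigation: PTI": "mitigated",
                "Vulnerable": "vulnerable"}

# Constructed sample: one /proc/cpuinfo entry as a patched kernel prints it.
SAMPLE_CPUINFO = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme pse msr pae sse sse2 pcid invpcid pti\n"
    "bugs\t\t: cpu_meltdown spectre_v1 spectre_v2\n"
)

def parse_cpuinfo(text):
    """Collect vendor, feature flags and bug tags of the first CPU entry."""
    info = {"vendor_id": "", "flags": set(), "bugs": set()}
    for line in text.splitlines():
        if not line.strip():
            if info["flags"]:
                break  # a blank line ends the first processor entry
            continue
        key, _, value = line.partition(":")
        key = key.strip()
        if key == "vendor_id":
            info["vendor_id"] = value.strip()
        elif key in ("flags", "bugs"):
            info[key] = set(value.split())  # exact tokens: pcid != invpcid
    return info

def assess(cpuinfo_text, sysfs_text=None):
    """Return KPTI status and whether PCID is available to soften its cost."""
    info = parse_cpuinfo(cpuinfo_text)
    sysfs = (sysfs_text or "").strip()
    if sysfs:  # authoritative when the kernel provides it
        status = next((s for p, s in SYSFS_STATES.items()
                       if sysfs.startswith(p)), "unknown")
    elif "pti" in info["flags"]:
        status = "mitigated"
    elif "cpu_meltdown" in info["bugs"]:
        status = "vulnerable"
    else:
        status = "unknown"  # kernel too old to report either way
    return {"vendor": info["vendor_id"], "kpti": status,
            "pcid": "pcid" in info["flags"]}

if __name__ == "__main__":
    live = Path("/proc/cpuinfo")
    text = live.read_text() if live.exists() else SAMPLE_CPUINFO
    print(assess(text, SYSFS.read_text() if SYSFS.exists() else None))
```

A result of `unknown` means the running kernel predates this reporting, which is itself a sign that the host has not received the patched kernel.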
The Register also noted that some Linux developers working on a patch were frustrated to the point they considered naming the fix, "Forcefully Unmap Complete Kernel With Interrupt Trampolines," or F*CKWIT.
No Issue with AMD Chips
Microsoft has scheduled a Jan. 10 security and maintenance update for customers running cloud-based Azure virtual machines, and Amazon has notified its EC2 cloud customers that it's planning similar updates sometime between Friday and Saturday. Both appear to be aimed at addressing the Intel processor vulnerability.
On Monday, a developer who blogs under the name Python Sweetness posted an overview of Linux Page Table Isolation patch activity that noted the flaw could also impact users of Google's Compute Engine. He cited recent discussions on the Linux and Unix news site LWN.net.
"On the kernel mailing list we can see, in addition to the names of subsystem maintainers, e-mail addresses belonging to employees of Intel, Amazon and Google," Python Sweetness said. "The presence of the two largest cloud providers is particularly interesting, as this provides us with a strong clue that the work may be motivated in large part by virtualization security."
On another Linux site, the Linux Kernel Mailing List, AMD software engineer Thomas Lendacky observed in late December that AMD processors do not appear to have the same vulnerability as Intel chips. Coupled with the latest revelations about the Intel flaw, that news appears to have helped drive up the value of AMD shares today, while Intel's stock price has dropped significantly.
Posted: 2018-01-03 @ 1:06pm PT
Intel just issued this public response:
Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.
Recent reports that these exploits are caused by a "bug" or a "flaw" and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices -- with many different vendors' processors and operating systems -- are susceptible to these exploits.
Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.
Intel is committed to the industry best practice of responsible disclosure of potential security issues, which is why Intel and other vendors had planned to disclose this issue next week when more software and firmware updates will be available. However, Intel is making this statement today because of the current inaccurate media reports.
Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available. Following good security practices that protect against malware in general will also help protect against possible exploitation until updates can be applied.
Intel believes its products are the most secure in the world and that, with the support of its partners, the current solutions to this issue provide the best possible security for its customers.