Older Intel CPUs are reportedly suffering from a chip-level security flaw which is not easily fixable.
To fix the flaw, there will have to be a significant redesign of the Linux and Windows kernels, which are OS level changes. The expected side-effect of this fix involves the slowing down of OS performance.
According to The Register, not much is known about the flaw, but it calls it a 'fundamental design flaw' which is found in Intel processors from the last decade. The flaw cannot be fixed with a microcode update but will require changes at the OS level.
Linux patches have already been distributed, although with redacted comments. Microsoft is expected to respond to the bug in its monthly 'Patch Tuesday' update. Apple's macOS will also need to be updated soon. According to The Register, you are looking at a 5 to 30 percent performance hit depending on the task and the processor model. The effects of the OS patch are still being benchmarked.
According to HotHardware, the bug lets everyday programs to illegally access certain content in the protected kernel memory. "The "fix", so to speak, is to implement Kernel Page Table Isolation (PTI), which, for all intents and purposes, makes the kernel invisible to running processes. In a perfect world, such training wheels shouldn't be needed to isolate the kernel, but software patches that are nearing release for Windows, Linux and macOS systems will address the exploit head-on," says the report.
The Python Sweetness blog notes that the attack could impact common virtualisation environments such as Amazon's EC2 and Google Compute Engine. Microsoft Azure and Amazon Web Services have both scheduled maintenance that will take place next week according to HotHardware.
AMD has said that its processors are not affected by this bug and there will be no performance hit on OS running on its systems. "AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault," said AMD.
Updated Date: Jan 03, 2018 09:14 AM