It has been revealed that virtually all Intel processors launched in the past decade have a significant chip-level security flaw that could allow malicious code to read content, potentially including passwords, from protected kernel memory. Because the problem is in the hardware itself, it cannot be fixed with a simple patch; instead the operating system kernel has to be changed to work around it.
The security flaw, which is baked into Intel's x86/x64 hardware, is under heavy embargo due to its nature and the risk involved. However, from what The Register could ascertain, it has to do with how Intel processors handle the switch between user programs and the kernel. Whenever a program needs the operating system to do something on its behalf, such as open a file or send data over the network, the processor hands control to the kernel through a system call and then returns to the program. To make this switching back and forth as fast as possible, the kernel is kept mapped into every process's virtual address space, even while the processor is running in user mode. This avoids having to flush cached address translations and reload them from memory on every switch.
However, this presents an opportunity ripe for exploitation. The kernel's pages are marked as accessible only in privileged mode, so user code should not be able to read them even though they are mapped; the flaw is that this protection can apparently be bypassed, meaning ordinary unprivileged code, whether a database program or JavaScript running in a modern web browser, could potentially read kernel memory. The workaround, known as kernel Page Table Isolation (PTI), gives the kernel its own separate set of page tables, so that kernel memory is simply not mapped while a process runs in user mode. Recent Intel processors support Process-Context Identifiers (PCID), which tag cached address translations with the address space they belong to; when the operating system uses them, the performance impact of PTI is lessened because those translations need not be flushed on every switch.
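The following program is an added example, not code from the article or from any of the vendors it discusses. It demonstrates the point above: the kernel's pages are mapped into a user process, yet a plain (architectural) load from a kernel address faults, because the pages are supervisor-only without PTI and not mapped at all with it. It assumes Linux on x86-64, and the probed address is an assumed address in the kernel half of the virtual address space; with KASLR the exact kernel text address varies, but any address up there is unreadable from user mode either way.

```c
/* Added example (not from the article): a user-mode load from a kernel
 * address faults whether or not PTI is active.  Assumes Linux on x86-64. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static sigjmp_buf fault_jb;
static volatile sig_atomic_t fault_signo;

static void on_fault(int signo)
{
    fault_signo = signo;
    siglongjmp(fault_jb, 1);   /* unwind back into probe_read() */
}

/* Try to read one byte at addr.  Returns 1 if the load completed, 0 if it
 * raised SIGSEGV or SIGBUS (page unmapped, or mapped supervisor-only). */
int probe_read(uintptr_t addr)
{
    struct sigaction sa, old_segv, old_bus;
    volatile unsigned char sink;
    volatile int readable = 0;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sa.sa_flags = SA_NODEFER;      /* leave the signal unblocked after siglongjmp */
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    if (sigsetjmp(fault_jb, 1) == 0) {
        sink = *(volatile unsigned char *)addr;   /* the probe itself */
        (void)sink;
        readable = 1;
    } else {
        readable = 0;                              /* arrived here via on_fault() */
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return readable;
}

/* Assumed address in the kernel half of the x86-64 address space.  The real
 * kernel text address moves with KASLR, but every address up here is either
 * unmapped or supervisor-only for a user process. */
#define KERNEL_PROBE_ADDR ((uintptr_t)0xffffffff81000000ULL)

int main(void)
{
    static unsigned char user_byte = 0x41;
    printf("user-space byte: %s\n",
           probe_read((uintptr_t)&user_byte) ? "readable" : "faulted");
    printf("kernel address : %s (signal %d)\n",
           probe_read(KERNEL_PROBE_ADDR) ? "readable" : "faulted",
           (int)fault_signo);
    return 0;
}
```

The first probe succeeds and the second reports a fault; that is the architectural protection the flaw is reported to sidestep. The example only shows the check that is supposed to hold, not any way around it.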
Since PTI makes every switch between user and kernel mode more expensive, as the page tables must be swapped on each one, the performance impact on Intel processors will be significant, particularly for workloads that make many system calls. Initial testing on Linux has shown slowdowns of up to 18% on some CPUs for I/O-intensive tasks. Although AMD processors are not affected by the flaw, the initial Linux patches enabled the workaround on all x86 processors and so slowed AMD chips down significantly as well; they have since been amended to leave the fix disabled on AMD hardware.
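To see where that overhead comes from on a machine of your own, the following added example (not code from the article or from the Linux kernel project) times the cheapest possible system call, so the figure is dominated by the user-to-kernel round trip that PTI makes dearer, and checks the CPU flags line for PCID support. It assumes Linux; the flag names "pti", "pcid" and "invpcid" are the ones the Linux kernel prints in /proc/cpuinfo on kernels that report them.

```c
/* Added example (not from the article): cost of one user/kernel round trip,
 * plus a check for the PTI and PCID flags in /proc/cpuinfo.  Assumes Linux. */
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Whole-word search for flag in a space-separated flags line, so that
 * "pcid" does not match inside "invpcid". */
int flags_has(const char *flags_line, const char *flag)
{
    size_t n = strlen(flag);
    const char *p = flags_line;
    while ((p = strstr(p, flag)) != NULL) {
        int starts = (p == flags_line) || p[-1] == ' ';
        int ends = p[n] == '\0' || p[n] == ' ' || p[n] == '\n';
        if (starts && ends)
            return 1;
        p += n;
    }
    return 0;
}

/* Copies the first "flags" line of /proc/cpuinfo into buf.  Returns 0 if
 * the file is unavailable (non-Linux or a restricted sandbox). */
int read_cpu_flags(char *buf, size_t bufsz)
{
    FILE *f = fopen("/proc/cpuinfo", "r");
    int found = 0;
    if (!f)
        return 0;
    while (fgets(buf, (int)bufsz, f)) {
        if (strncmp(buf, "flags", 5) == 0) {
            found = 1;
            break;
        }
    }
    fclose(f);
    return found;
}

/* Average nanoseconds per getppid() system call.  getppid does almost no
 * work, so the time is mostly the mode switch; with PTI enabled each entry
 * also swaps page tables (and, without PCID, flushes the TLB), so this
 * number rises. */
double syscall_cost_ns(long iterations)
{
    struct timespec t0, t1;
    double ns;
    clock_gettime(CLOCK_MONOTONIC, &t0);
    for (long i = 0; i < iterations; i++)
        syscall(SYS_getppid);
    clock_gettime(CLOCK_MONOTONIC, &t1);
    ns = (t1.tv_sec - t0.tv_sec) * 1e9 + (t1.tv_nsec - t0.tv_nsec);
    return ns / (double)iterations;
}

int main(void)
{
    char flags[4096];
    if (read_cpu_flags(flags, sizeof flags)) {
        printf("pti:     %s\n", flags_has(flags, "pti") ? "yes" : "no");
        printf("pcid:    %s\n", flags_has(flags, "pcid") ? "yes" : "no");
        printf("invpcid: %s\n", flags_has(flags, "invpcid") ? "yes" : "no");
    }
    printf("getppid round trip: %.1f ns\n", syscall_cost_ns(200000));
    return 0;
}
```

Run it before and after enabling the workaround (or on a kernel built with and without it) and compare the two figures; the difference is the per-transition cost the article's 18% refers to, scaled by how many transitions a given workload makes.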
The CPU-level flaw will have a major impact on cloud computing providers, including Amazon EC2, Microsoft Azure, and Google Compute Engine. Microsoft has announced that its Azure cloud will undergo maintenance and reboots on January 10, at which time it will reportedly patch the vulnerability. Amazon has issued a warning email pointing to a major security update rolling out this Friday.
Operating systems affected by this vulnerability include Microsoft Windows, 64-bit versions of macOS, and Linux. The Linux kernel developers have already merged the patch mentioned above, and Microsoft is widely expected to issue a fix on Patch Tuesday. Users on its Windows Insider fast ring already received the patch in November and December last year.
As for details surrounding this flaw, they are under wraps until later this month.