Vulnerability of Intel processors puts Windows, Linux and macOS under attack

By: Bohdan Chub | 03.01.2018, 19:42

A hardware vulnerability has been discovered in Intel processors released over the past decade. It allows user programs to read the contents of OS kernel memory and so gain access to logins, passwords, and other sensitive information. Windows, Linux and macOS are all at risk, and since a processor microcode update does not solve the problem, developers are urgently preparing fixes for the operating systems. The bad news is that once the patch is released, device performance may drop by 5-30%, depending on the task being performed.

What happened?

Details of the vulnerability will be announced later this month, after the necessary updates are released (Linux already has one, the Windows update is on its way, and Apple has traditionally kept silent). The problem is as follows: modern operating systems randomly change the location of the kernel code at each boot, but since Intel processors with the x86-64 architecture execute memory access instructions without an additional security check, an application can read the private data. Normal programs do not do this, but it is another loophole for hackers.

To solve the problem, developers will have to separate kernel memory from the memory of user processes (the KPTI model, or Kernel Page Table Isolation). In this case the processor has to flush the translation lookaside buffer (TLB) each time it enters the kernel, which greatly affects the speed of operation. On chips from recent years this is less noticeable thanks to support for the PCID / ASID functions.

The first tests showed that the transition to KPTI will not have a serious impact on performance in games, but when working with databases (PostgreSQL, Redis) the difference is already noticeable. According to experts, cloud computing and virtualization platforms will suffer the most as a result, including Amazon Web Services, Microsoft Azure and Google Compute Engine.

And what about AMD?

According to available information, the problem does not affect AMD processors, although the updated Linux kernel automatically marks all chips as unreliable and uses the KPTI mechanism. Apparently, the developers simply did not have time to make an exception for the "reds."
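How a Linux administrator can see both things described above (whether the kernel has marked the CPU as needing isolation, and whether KPTI runs with or without PCID) is shown in the following added example, which is not from the original article. It assumes the Linux kernel's `/proc/cpuinfo` conventions, none of which appear in the article: the `pti` and `pcid` entries on the `flags` line and the `cpu_meltdown` entry (`cpu_insecure` in early patched kernels) on the `bugs` line; the function names and sample data are constructed.

```shell
#!/bin/sh
# Added example: classify a Linux x86 host's KPTI state from cpuinfo-style text.
# The field and flag names are Linux kernel conventions, not taken from the article.

# has_word FIELD WORD FILE: succeed if WORD is a whole entry on the first
# "FIELD : ..." line. Whole-word matching keeps "invpcid" from counting as "pcid".
has_word() {
    grep -m1 "^$1[[:space:]]*:" "$3" 2>/dev/null | cut -d: -f2 |
        tr -s ' \t' '\n\n' | grep -qx -- "$2"
}

# kpti_status [FILE]: print one word describing the isolation state.
kpti_status() {
    f=${1:-/proc/cpuinfo}
    [ -r "$f" ] || { echo unknown; return 1; }
    if ! has_word bugs cpu_meltdown "$f" && ! has_word bugs cpu_insecure "$f"; then
        echo not-flagged        # exempt CPU, or a kernel that predates the fix
    elif ! has_word flags pti "$f"; then
        echo flagged-no-kpti    # marked as affected, but isolation is switched off
    elif has_word flags pcid "$f"; then
        echo kpti-with-pcid     # isolated; PCID reduces the TLB flush cost
    else
        echo kpti-without-pcid  # isolated; kernel entry and exit pay for a TLB flush
    fi
}

# Constructed sample: abbreviated cpuinfo of a patched system that has PCID.
sample=$(mktemp)
printf 'flags\t\t: fpu vme pcid sse4_2 pti\nbugs\t\t: cpu_meltdown\n' > "$sample"
echo "sample:    $(kpti_status "$sample")"
echo "this host: $(kpti_status)"
rm -f "$sample"
```

A `kpti-without-pcid` result on a database or virtualization host is the case where the performance loss described above is most likely to show.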

Intel can close the hardware vulnerability in future processors, but it is not known when that will happen. AMD is rubbing its hands in anticipation of record sales, especially since the Ryzen line was a success.

Source: The Register