There are numerous reports surfacing about a major security bug present in Intel’s CPUs spanning back over a decade. The OS-level fix reportedly comes with a 5-30% decrease in performance depending on the CPU and workload. This could be very bad news for Intel.
“At best, the vulnerability could be leveraged by malware and hackers to more easily exploit other security bugs.”
The actual details surrounding the vulnerability are currently under embargo, meaning there’s not a lot of information about when it was discovered, how long repairs have been underway, etc. However, the embargo is supposed to lift early this month, so we should know more about the specifics sooner rather than later.
For now, we loosely know what the security vulnerability is and who it’s most likely to affect. Luckily, gamers and your average desktop don’t have a whole lot to worry about.
Basically, this flaw allows any regular program to extract information (usernames/passwords, cached files, basically whatever) from protected kernel memory areas – something that definitely should not be possible. It effectively allows users of a virtual machine to access the data of another virtual machine on the same physical machine. That’s bad, especially for data centers and the like.
The security vulnerability is reportedly present in all Intel x86 CPUs spanning back a decade; that’s pretty much every single Intel CPU in use today right back to the 2008 Nehalem architecture and maybe even before. Like I said, this could be very bad news for Intel. Or it might not be, there’s really no way to know just yet.
“OS kernel-level software patches to mitigate this vulnerability, come at huge performance costs that strike at the very economics of choosing Intel processors”
Fixing this flaw requires an OS-level patch that will effectively separate the kernel completely from user processes using Kernel Page Table Isolation, or KPTI. The patch will increase computing time by adding more steps into the kernel’s workload in an attempt to add a layer of security. Long story short, Intel CPUs are going to see anywhere from a 5-30%+ decrease in performance depending on the workload.
The secrecy surrounding this problem and the speed at which it’s being fixed has me wondering how severe it really is. I’m going to put my tin foil hat on here for a second; I remember seeing articles earlier in December (like this one) mentioning that Brian Krzanich, Intel CEO, dumped nearly $11-million worth of his Intel shares to leave him with the bare minimum of 250k that his position as CEO dictates he must have. Does Brian know something that we don’t about this flaw? Or is my tin foil hat secured a little too tight? Probably the latter.
If you’re currently sporting an AMD processor, well, there’s really nothing to even be concerned about here. AMD processors are reportedly immune to this security vulnerability and thus do not require patching. However, according to TechPowerUp, AMD is currently struggling to have its CPUs excluded from the patches, as they would also see a (completely unwarranted) decrease in performance.
AMD software engineer, Tom Lendacky, sent out an email to the Linux kernel mailing list over Christmas and in it directly stated “AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against.”
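For admins who want to see where a Linux box stands on the page-table isolation patch and the AMD exemption described above, here is a small check, added as an example and not taken from any vendor or kernel source. It relies on the kernel's `/sys/devices/system/cpu/vulnerabilities/meltdown` file and the `pti` / `cpu_meltdown` tokens in `/proc/cpuinfo`; the function names and the sample text are made up for illustration.

```shell
#!/bin/sh
# Added example: report whether a Linux host has the page-table isolation fix.
# classify_kpti and check_host are illustrative names, not a real tool.

# classify_kpti SYSFS_TEXT CPUINFO_TEXT -> prints one status word.
classify_kpti() (
    sysfs=$1
    cpuinfo=$2
    # Every core reports the same lines, so the first match is enough.
    flags=$(printf '%s\n' "$cpuinfo" | grep -m1 '^flags' || true)
    bugs=$(printf '%s\n' "$cpuinfo" | grep -m1 '^bugs' || true)
    case "$sysfs" in
        "Not affected"*)    echo not-affected ;;  # e.g. CPUs the kernel exempts
        "Mitigation: PTI"*) echo mitigated ;;     # isolation is active
        "Vulnerable"*)      echo vulnerable ;;    # affected CPU, isolation off
        *)
            # No sysfs report (older kernel): fall back to /proc/cpuinfo.
            # Some stable backports expose the flag as "kaiser" instead of "pti".
            if printf '%s\n' "$flags" | grep -qwE 'pti|kaiser'; then
                echo mitigated
            elif printf '%s\n' "$bugs" | grep -qw 'cpu_meltdown'; then
                echo vulnerable
            else
                # A kernel that predates the fix cannot tell us either way.
                echo unknown
            fi ;;
    esac
)

# Run the classifier against the live host.
check_host() {
    f=/sys/devices/system/cpu/vulnerabilities/meltdown
    s=""
    if [ -r "$f" ]; then s=$(cat "$f"); fi
    classify_kpti "$s" "$(cat /proc/cpuinfo 2>/dev/null)"
}

# Constructed sample /proc/cpuinfo excerpts (not captured from real machines).
SAMPLE_PATCHED=$(printf 'flags\t\t: fpu vme pti\nbugs\t\t: cpu_meltdown\n')
SAMPLE_UNPATCHED=$(printf 'flags\t\t: fpu vme\nbugs\t\t: cpu_meltdown\n')
SAMPLE_OLD_KERNEL=$(printf 'flags\t\t: fpu vme\nbugs\t\t:\n')
```

Call `check_host` on the machine in question; anything other than `mitigated` or `not-affected` means the kernel either lacks the patch or has it switched off.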
As it stands, there’s not a lot of other information surrounding this flaw, security vulnerability, or whatever you’d like to call it. Once more information arises, you’ll know as soon as I do.
[Update 01/04/2018] The vulnerabilities have now been given names: Meltdown and Spectre.