The New Year has not started on a good note for owners of PCs powered by Intel processors, as a serious design flaw and security weakness discovered in Intel CPUs could virtually affect every operating system, including Linux, macOS and Windows, reports The Register, who was the first to share information on the vulnerability.
Apparently, modern Intel processors from the past decade are affected by the flaw. The vulnerability allows commonly used programs to read the contents or layout of a computer’s protected kernel memory areas that are reserved to protect sensitive information like passwords, login keys, and files cached from disk.
According to a blog post published, the core team of Linux kernel development has developed a critical kernel update but have not provided exact details of the flaw. According to the source report, Intel processors (x86-64) have a severe hardware-level issue that could allow hackers and malicious programs to access protected kernel memory.
This hardware flaw is such that kit cannot by fixed with a microcode update. “It has to be fixed in software at the OS level, or go buy a new processor without the design blunder,” explains The Register.
The fix requires a fundamental redesign of the operating system kernel, which involves isolating the kernel’s memory from user processes using Kernel Page Table Isolation (KPTI) at the OS level. It is assumed that the processor performance will be considerably impacted by the KPTI implementation.
The public embargo is expected to lift soon and Microsoft is expected to patch Windows in a forthcoming Patch Tuesday. Linux developers are trying to overhaul the OS’s “kernel’s virtual memory system,” according to The Register.
The kernel changes could slowdown Windows and Linux machines by between 5 and 30 per cent, depending upon task and processor model once a fix is done, reports The Register. On the other hand, it is expected that Macs may not be affected heavily, as no obvious performance slowdowns have been reported since the launch of macOS 10.13.2.
In a statement released on Wednesday afternoon, Intel said that the bug is not unique to Intel products and that “many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.” While Intel’s statement clearly denies that the exploits can corrupt, modify or delete data but it does not say anything about the ability to read or access data.
It also mentioned that it is working closely with the likes of AMD, ARM Holdings and several operating system vendors to solve the issues.
“Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.
“Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.
“Intel believes its products are the most secure in the world and that, with the support of its partners, the current solutions to this issue provide the best possible security for its customers”.
Source: The Register