Building a slide deck, pitch, or presentation? Here are the big takeaways:
- Intel processors going back 10 years all have a kernel flaw that could allow an attacker running any sort of app to read the layout of the kernel.
- Fixing the problem involves separating the user and kernel page tables, which will cause Linux, Windows, and macOS slowdowns that could be as bad as a 30% performance decrease.
Intel chips going back a decade all contain a serious flaw that's prompting changes to the Linux, Windows, and macOS kernels.
The specific nature of the flaw is still under wraps, with Intel planning to reveal it later this month. Clues have emerged in the form of Linux kernel updates that detail the nature of the change and its connection to "x86 processor bugs that can disclose the layout of the kernel to an attacker."
In short, Linux, Microsoft, and Apple will have to make serious changes to their OS kernels to separate the user side from the kernel page tables. Users won't see any major changes to the UI side, but all can expect significant OS slowdowns--up to 30% in some cases.
What we know about the flaw
Without verification from Intel, much of what's known about the kernel flaw comes from understanding what's being changed, and how the kernel and user-side page tables of operating systems function.
Linux kernel notes describing the change exist, but they're not very specific. We do know that the kernel page tables are being isolated from the rest of the OS, which is a major change from the way Intel chips interact with Linux, Windows, and macOS.
Currently, the kernel exists as a part of every process and application's virtual memory, which speeds up the process of handing processor control from the app to the kernel. This has to be done every time an app wants to make a change to the computer outside of its own code, and without the current form of integration, software would slow down significantly--which is exactly what's changing.
It's an invisible, yet drastic, departure from the way operating systems currently function, but it's essential if those investigating the quiet nature of major Linux and Windows changes are correct: The current method of virtual memory handling of the kernel could allow an attacker to figure out what it's doing, thereby helping them map (and exploit) it.
Unfortunately, separating the two tables will cause significant performance impacts, which will vary by application. PostgreSQL programmer Andres Freund tested the changes, finding that slowdowns ranged from 17-23%. The Register speculates that "we're looking at a ballpark figure of five to 30 percent slow down," though newer Intel chips that use PCID should reduce it.
Who is affected?
Any machine running on an Intel chip that's less than 10 years old is affected, and that includes cloud virtualization solutions like Amazon EC2, AWS, Microsoft Azure, and Google Compute, according to Python Sweetness.
If you use AMD chips you're safe--they aren't affected by the flaw.
To prevent abuse of this bug, make sure you apply any security updates from your OS vendor.
UPDATE: Intel is rolling out patches for affected chips. 90% of affected chips will be patched by the end of next week.
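To confirm that an OS update actually enabled the page-table split on a Linux host, the kernel's own reporting can be parsed. The sketch below is an added example, not code from the article or from any vendor. It assumes the Linux interfaces introduced alongside the fix (the sysfs file named `meltdown` after the flaw's later public name, and the `pti`, `pcid` and `cpu_meltdown` tokens in `/proc/cpuinfo`), uses a constructed sample, and on kernels too old to report anything treats every Intel CPU as affected, per the article's claim.

```python
import re

# Constructed sample (not captured from a real host): a trimmed /proc/cpuinfo
# entry for an Intel CPU on a kernel with page-table isolation enabled.
SAMPLE_CPUINFO = """\
vendor_id\t: GenuineIntel
flags\t\t: fpu vme de pse tsc msr pae pcid sse4_2 invpcid pti
bugs\t\t: cpu_meltdown
"""

def cpuinfo_field(cpuinfo, key):
    """Return the whitespace-split values of the first `key : ...` line."""
    m = re.search(rf"^{re.escape(key)}[ \t]*:[ \t]*(.*)$", cpuinfo, re.MULTILINE)
    return m.group(1).split() if m else []

def assess(cpuinfo, sysfs_status=None):
    """Summarise exposure from cpuinfo text plus the optional sysfs status line."""
    vendor = " ".join(cpuinfo_field(cpuinfo, "vendor_id")) or "unknown"
    flags = set(cpuinfo_field(cpuinfo, "flags"))
    bugs = set(cpuinfo_field(cpuinfo, "bugs"))
    status = (sysfs_status or "").strip()
    if status:
        # The kernel's own verdict wins when the sysfs file exists.
        affected = not status.startswith("Not affected")
        isolated = status.startswith("Mitigation")
    else:
        # Kernel predates the sysfs report. Assumption taken from the article:
        # any Intel CPU is affected even if the kernel does not list the bug.
        affected = "cpu_meltdown" in bugs or vendor == "GenuineIntel"
        isolated = "pti" in flags
    return {
        "vendor": vendor,
        "affected": affected,
        "isolated": isolated,
        "pcid": "pcid" in flags,  # PCID reduces the cost of the split tables
        "action": "apply OS/kernel updates" if affected and not isolated else "none",
    }

def read_text(path):
    try:
        with open(path) as fh:
            return fh.read()
    except OSError:
        return None

if __name__ == "__main__":
    live = read_text("/proc/cpuinfo") or SAMPLE_CPUINFO
    sysfs = read_text("/sys/devices/system/cpu/vulnerabilities/meltdown")
    print(assess(live, sysfs))
```

A host reporting `affected` without `isolated` still needs the update, and a missing `pcid` flag points to the upper end of the slowdown range quoted above.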