Linked by Thom Holwerda on Wed 3rd Jan 2018 00:42 UTC

A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.

Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December.

Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features - such as PCID - to reduce the performance hit.

That's one hell of a bug.

Permalink for comment 652435
To read all comments associated with this story, please click here.
by Brendan on Wed 3rd Jan 2018 03:22 UTC
Member since:


The minor timing quirk in Intel CPUs (that does not break documented behaviour, expected behaviour or any guarantee, and therefore can NOT be considered a bug in the CPU); allows an attacker to determine which areas of kernel space are used and which aren't.

It does not allow an attacker to read or modify the contents of any memory used by the kernel, and doesn't even tell the attacker what the areas of kernel space are being used for, and by itself is not a security problem at all. It only means that if there are massive security holes somewhere else, those massive security holes might or might not be a little bit easier to exploit. In other words; the main effect is that it makes "kernel address space randomisation" more ineffective at providing "security through obscurity" than it previously was.

Note that the insane hackery to avoid this non-issue adds significant overhead to kernel system calls; ironically, making the performance of monolithic kernels worse than the performance of micro-kernels (while still providing inferior security than micro-kernels). The insane hackery doesn't entirely fix the "problem" either (a small part of kernel must remain mapped, and an attacker can still find out where in kernel space that small part of the kernel is and use this information to infer where the rest of the kernel is).

Fortunately the "malicious performance degradation attack" (the ineffective work-around for the non-issue) is easy for end users to disable.

- Brendan

Reply Score: 1