Linked by Thom Holwerda on Wed 3rd Jan 2018 00:42 UTC
Intel

A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.

Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December.

Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked; however, we're looking at a ballpark figure of five to 30 per cent slowdown, depending on the task and the processor model. More recent Intel chips have features - such as PCID - to reduce the performance hit.

That's one hell of a bug.

Thread beginning with comment 652438
RE[2]: Overhyped
by Brendan (member since 2005-11-16) on Wed 3rd Jan 2018 04:58 UTC in reply to "RE: Overhyped"

Hi,

In any case, would that be exploitable via JavaScript? If not I don't care at all. Anything else I run already deliberately on my machine and it can access all my files anyway. And that is what matters to me, my files. Root cannot do more damage to me than a user process.


If you have poorly designed hardware (e.g. that is susceptible to "rowhammer") and a poorly designed kernel (e.g. a monolithic kernel where there's a strong relationship between virtual addresses used by the kernel and physical addresses); then in theory this minor timing quirk can make it a little easier for an attacker to exploit huge gaping security holes that should never have existed.

JavaScript probably can't use the minor timing quirk (it relies on a strict access pattern involving the use of a "dodgy pointer" that will cause a page fault; and JavaScript is designed not to support pointers or raw addresses); so an attacker using JavaScript will exploit the gaping security holes without using the minor timing quirk.

- Brendan

Reply Parent Score: 2
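Added example (not from the OSNews thread or the linked article): the story describes a kernel redesign that isolates kernel page tables from user processes, and notes that PCID reduces the cost. A Linux administrator's first question is whether that isolation is actually active on a given host. The script below reads `/proc/cpuinfo` and the sysfs status file `/sys/devices/system/cpu/vulnerabilities/meltdown` when present, and otherwise runs on constructed sample text embedded in the file. It assumes the kernel reports active isolation as the `pti` CPU flag and the CPU advertises PCID as the `pcid` flag; the sample CPU data and the file paths outside sysfs are assumptions for illustration.

```python
"""Check a Linux host for kernel page-table isolation (PTI) and PCID support.

Added example, not code from the OSNews page or the article it links.
Assumptions: the kernel exposes active isolation as the `pti` flag in
/proc/cpuinfo and the overall status in
/sys/devices/system/cpu/vulnerabilities/meltdown; PCID appears as `pcid`.
Runs offline on the constructed sample below when the real files are absent.
"""
import os

CPUINFO_PATH = "/proc/cpuinfo"
MELTDOWN_STATUS_PATH = "/sys/devices/system/cpu/vulnerabilities/meltdown"

# Constructed sample: one Intel core with PCID available and PTI active.
SAMPLE_CPUINFO = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "model name\t: Sample Intel CPU (constructed)\n"
    "flags\t\t: fpu pae msr sep nx lm constant_tsc pcid invpcid pti\n"
)
SAMPLE_MELTDOWN_STATUS = "Mitigation: PTI\n"


def parse_cpuinfo(text):
    """Return (vendor_id, set of flags) taken from the first processor block."""
    vendor, flags = None, set()
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "vendor_id" and vendor is None:
            vendor = value
        elif key == "flags" and not flags:
            flags = set(value.split())
        if vendor is not None and flags:
            break
    return vendor, flags


def assess_host(cpuinfo_text, meltdown_status):
    """Summarise mitigation state; meltdown_status is the sysfs text or None."""
    vendor, flags = parse_cpuinfo(cpuinfo_text)
    status = (meltdown_status or "").strip()
    pti_enabled = "pti" in flags
    pcid = "pcid" in flags
    # The sysfs file is authoritative when present; otherwise trust the pti flag.
    if status:
        mitigated = status.startswith("Mitigation") or status == "Not affected"
    else:
        mitigated = pti_enabled
    if mitigated and pcid:
        note = "isolation active; PCID available to cut the page-table switch cost"
    elif mitigated:
        note = "isolation active; no PCID, so expect the larger performance penalty"
    else:
        note = "kernel is NOT isolating its page tables; update the kernel"
    return {
        "vendor": vendor,
        "pti_enabled": pti_enabled,
        "pcid": pcid,
        "sysfs_status": status or None,
        "mitigated": mitigated,
        "note": note,
    }


def read_if_present(path):
    """Return the file's text, or None if it cannot be read."""
    try:
        with open(path) as f:
            return f.read()
    except OSError:
        return None


def assess_live_or_sample():
    """Use the real host files when available, otherwise the constructed sample."""
    cpuinfo = read_if_present(CPUINFO_PATH)
    if cpuinfo is None or "flags" not in cpuinfo:
        return assess_host(SAMPLE_CPUINFO, SAMPLE_MELTDOWN_STATUS)
    return assess_host(cpuinfo, read_if_present(MELTDOWN_STATUS_PATH))


if __name__ == "__main__":
    for key, value in assess_live_or_sample().items():
        print(f"{key:>12}: {value}")
```

On a host that carries the fix the sysfs file reads `Mitigation: PTI`; a kernel without it reports `Vulnerable` or lacks the file entirely, in which case the script falls back to the `pti` flag. The PCID check is there because the article's performance figures depend on it: isolation without PCID flushes the TLB on every kernel entry and exit, which is where the upper end of the quoted slowdown comes from.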