Intel processors made in the past decade have potential security flaw , II Serious Intel CPU design flaw may require a Windows patch, but probably won't affect gaming performance , II All Intel Processors Made in the Last Decade Might Have a Massive Security Flaw
A report on LWN, a Linux kernel development site (sub required), details of a hardware bug in modern Intel CPUs that allows an attacker to access low-level kernel memory that is normally protected from higher level (programs and user) access. As reported on The Register, this bug could have big consequences, requiring OS kernel patches on Windows, Linux, and OS X. Those fixes could actually cause the affected CPUs to perform more slowly, but don't panic: your gaming PC is unlikely going to see a dramatic change as a result.
This is complicated stuff, so I'll try to break it down. The method of attack revolves around identifying virtual memory pages in specific sequences that reveal locations in memory where protected kernel space resides. The bug is a hardware bug, so there's no easy fix except to wait for AMD and Intel to implement a fix in next generation CPUs. The flaw affects multiple generations of Intel CPUs.
The expected short term solution will come from OSes: operating systems can apply what's called a kernel Page Table Isolation (PTI) that cloaks kernel memory addresses. The caveat is that the fix will force the CPU to constantly flush its caches that hold its TLBs, or translation look-aside buffers, which are essentially caches that allow the CPU to quickly access user memory.
In some instances, a performance hit of up to 30 percent or more can be seen, due to the CPU flushing caches, and having to go to slower main memory to access data. While the instances are currently regulated to I/O intensive applications and virtual machines, it does pose a potential situation for slowdown in a desktop environment.
Right now, there's no evidence that the kernel patches will impact a single-user system and it's unlikely going to pose any serious impact for gaming. According to this breakdown of the issue, it seems that the security-related hardware bug will impact large scale applications, such as cloud services. Amazon, Google, and Microsoft are already working on fixes.
We've reached out to Intel for more information and will report back if we receive further details.
There’s small screwups and big screwups. Here is tremendously huge screwup: Virtually all Intel processors produced in the last decade have a major security hole that could allow “normal user programs—from database applications to JavaScript in web browsers—to discern to some extent the layout or contents of protected kernel memory areas,” the Register reported on Tuesday.
Essentially, modern Intel processors have a design flaw that could allow malicious programs to read protected areas of a device’s kernel memory (memory dedicated to the most essential core components of an operating system and their interactions with system hardware). This flaw could potentially expose protected information like passwords. Since the error is baked into the Intel x86-64 hardware, it requires an OS-level overwrite to patch—on every major operating system, including Windows, Linux, and macOS.
The exact details of the design flaw and to what extent users are vulnerable are being kept under wraps for now, per the Register, though since developers appear to be rushing towards patching systems in coming weeks it is likely very bad. In the absolute worst-case speculative scenario, something as simple as JavaScript running on a webpage or cloud-hosted malware could gain access to some of the most sensitive inner workings of an Intel-based device.
Because the fix entails severing kernel memory entirely from user processes, patched OSes could potentially see a massive performance hit of “five to 30 percent slowdown, depending on the task and processor model”:
These KPTI [Kernel Page Table Isolation] patches move the kernel into a completely separate address space, so it’s not just invisible to a running process, it’s not even there at all. Really, this shouldn’t be needed, but clearly there is a flaw in Intel’s silicon that allows kernel access protections to be bypassed in some way.The downside to this separation is that it is relatively expensive, time wise, to keep switching between two separate address spaces for every system call and for every interrupt from the hardware. These context switches do not happen instantly, and they force the processor to dump cached data and reload information from memory. This increases the kernel’s overhead, and slows down the computer.Your Intel-powered machine will run slower as a result.
Five to 30 percent is a jaw-dropping number, but because of all the secrecy right now it’s difficult to tell how noticeable the impact will actually be for consumer use—enterprise-scale systems like cloud computing are likely to be the hardest hit. For the average user, it’s possible that the impact will be negligible. It’s also possible that a better implementation of the solution in future patches could reduce the performance hit.
.
“Urgent development of a software mitigation is being done in the open and recently landed in the Linux kernel” in redacted form, “and a similar mitigation began appearing in NT kernels in November,” the Python Sweetness blog wrote on Monday. “In the worst case the software fix causes huge slowdowns in typical workloads ... There are hints the attack impacts common virtualization environments including Amazon EC2 and Google Compute Engine.”
One problem with exploits is that even if this one is buried so deep it took ten years to find it, there’s no putting the cat back in the bag post-discovery. At the very least, the tiny slice of the market running AMD processors has some grounds to feel pleased about themselves.
Intel processors made in the past decade have potential security flaw , II Serious Intel CPU design flaw may require a Windows patch, but probably won't affect gaming performance , II All Intel Processors Made in the Last Decade Might Have a Massive Security Flaw
Intel processors,Linux,Windows,computer processors,macOS,Intel,ntel's processor chips,Intel-powered machine,
No comments
Post a Comment