Intel Processor Bug Leaves All Current Chips Vulnerable And Its Fix Saps Performance
If an Intel processor from the last decade is powering your desktop, laptop or other PC, or perhaps servers in your data center, chances are you’re going to have to deal with a new vulnerability and hardware-level chip bug that is currently out in the wild. As Brandon Hill at HotHardware reports, the bug also affects virtually all operating systems from Windows, to Linux and MacOS. Further, and this is perhaps the worst part, the software patch for whatever OS you’re currently running, will bleed off system performance by as much as 30 percent. In data centers, this is a double-edged sword of both security and performance concerns that could result in significant expenditures in man-hour resources to patch systems and potentially affect critical available CPU resources as well.
The bug, which only exists in Intel processors, allegedly allows access to kernel memory data, which is a major security threat vector that could be fairly easily exploited. Software patches, or work-arounds for all operating systems, would require implementing Kernel Page Table Isolation (PTI) mechanisms, which would isolate kernel memory, rendering it inaccessible. Linux patches have already been pushed out by Linus Torvalds himself and Microsoft is expected to issue an update in one of its future Patch Tuesday releases for Windows.
To be clear, these software patches are being released and will apply this fix for all processors, regardless of processor type in the targeted system. In other words, though AMD processors are not effected and are not subject to this vulnerability, applying the patch would regardless also result in possible performance degradation. Thomas Lendacky, a member of the Linux OS group at AMD reports “AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.” As such, AMD is currently not recommending patching systems for this Intel bug, though again, it will likely be pushed from OS vendors, regardless.