Patches to Intel kernel flaw could slow down computers by 30 %
An apparent security flaw has been reportedly found in almost every Intel processor chip made in the last decade, forcing a redesign of Linux and Windows kernels. Adding insult to injury, the required patches for Windows, macOS and Linux machines could slow down computers by as much as 30 %. Specific details regarding the flaw have yet to be made public.
Originally reported by The Register, the design flaw in Intel’s x86-64 hardware, which was introduced in 2004, could enable cyber criminals to gain access to the kernel, a feature of an operating system (OS) that controls nearly everything. While technical details concerning the glitch are dense, basically, kernel memory information is being leaked, which hackers could seize to inject malicious malware into a PC.
“Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed,” Intel said in a statement released Wednesday. “Intel believes these exploits do not have the potential to corrupt, modify or delete data. Recent reports that these exploits are caused by a ‘bug’ or a ‘flaw’ and are unique to Intel products are incorrect.”
Fixing the bug would require isolating the kernel memory from user processes. Kernel memory sharing allows systems to run smoothly. Consequently, any patch that put an end to that sharing would slow down the computer.
According to Applelnsider, Apple has issued a partial fix to the issue with December’s macOS 10.13.2. The report said Apple mitigated the glitch by modifying existing programming requirements associated with the kernel memory information in macOS. Additional changes are anticipated to be coming to 10.13.3, which is currently in beta testing.
It is uncertain to what extend these patches will impact Windows, Mac and Linux machines. Nevertheless, a software developer called Python Sweetness suggested major cloud service providers and virtual machines may bear the brunt of the design flaw. Microsoft’s Azure Cloud has scheduled maintenance for next week, while Amazon Web Services (AWS) has warned customers to brace themselves for a major security update this Friday.
In an email sent to Linux kernel mailing list, semiconductor company AMD said the enterprise’s chips were not impacted by the security glitch. “AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against,” AMD software engineer Tom Lendacky wrote. “The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.” As a result of the design flaw, AMD shares rose 5.2 % Wednesday as Intel shares dropped 3.4 %.