A serious bug has been discovered that affects multiple generations of Intel CPUs, as well as cloud providers like Amazon and Google – and the fix could cut performance by more than a third.
The news was first broken on Linux kernel development site LWN, with subsequent reports on Reddit. The flaw is a fundamental one affecting Intel x86-64 hardware, and so cannot be fixed with a simple microcode update. Instead, it needs a change in software at the OS level.
Full details are still unclear, with Intel due to lift an embargo soon, but here’s what we know so far:
The bug is a design flaw in Intel processor chips produced over the last 10 years. Attackers can use it to get at kernel memory that is normally protected from higher-level (programme and user) access.
The kernel briefly takes control of the CPU whenever a programme needs it to perform a certain action, like writing to a file. To speed this process up, the kernel is mapped into every process’s virtual memory address space, even though the programmes themselves cannot access it.
Updates to the Linux and Windows virtual memory systems change this functionality by separating the kernel’s memory completely from user processes, using Kernel Page Table Isolation (KPTI).
KPTI moves the kernel into a different address space, so it isn’t just invisible; it’s not there. The downside is that it takes longer to switch between user mode and kernel mode, forcing the processor to dump cached data and reload information from memory. Reports indicate a slowdown of up to 35 per cent on some Core i7 CPUs.
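To check whether the KPTI mitigation described above is actually active on a Linux host, here is an added shell example (not from the article or any of the projects it mentions); it reads the kernel’s own reporting and assumes Linux 4.15 or later, which exposes /sys/devices/system/cpu/vulnerabilities/meltdown and the pti flag in /proc/cpuinfo. The file paths are parameters so the logic can be exercised against constructed sample files.

```shell
#!/bin/sh
# Added example: classify a host's Meltdown/KPTI state from the kernel's own
# reporting. Assumes Linux 4.15+ (sysfs vulnerabilities directory, "pti" flag).

# Map the sysfs meltdown line to a one-word verdict:
#   mitigated   - "Mitigation: PTI" (KPTI is active)
#   vulnerable  - kernel reports "Vulnerable" (e.g. booted with pti=off)
#   notaffected - "Not affected" (e.g. AMD, or the hypervisor masks it)
#   unknown     - file missing (pre-4.15 kernel) or unrecognised text
meltdown_verdict() {
    f="${1:-/sys/devices/system/cpu/vulnerabilities/meltdown}"
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(cat "$f")" in
        Mitigation:*PTI*) echo mitigated ;;
        Vulnerable*)      echo vulnerable ;;
        "Not affected")   echo notaffected ;;
        *)                echo unknown ;;
    esac
}

# Cross-check: is the "pti" feature flag listed in /proc/cpuinfo?
# Returns 0 if present, 1 otherwise.
pti_flag_present() {
    f="${1:-/proc/cpuinfo}"
    grep -qE '^flags[[:space:]]*:.*[[:space:]]pti([[:space:]]|$)' "$f" 2>/dev/null
}

# Constructed sample files (not captured from a real machine) so the
# classification can be checked offline; prints the directory they live in.
make_samples() {
    d=$(mktemp -d)
    printf 'Mitigation: PTI\n' > "$d/mitigated"
    printf 'Vulnerable\n' > "$d/vulnerable"
    printf 'Not affected\n' > "$d/notaffected"
    printf 'flags\t\t: fpu vme de pse tsc msr pti ssbd\n' > "$d/cpuinfo_pti"
    printf 'flags\t\t: fpu vme de pse tsc msr ssbd\n' > "$d/cpuinfo_nopti"
    echo "$d"
}

# Report the live host when run directly.
printf 'meltdown: %s\n' "$(meltdown_verdict)"
if pti_flag_present; then echo 'pti flag: present'; else echo 'pti flag: absent'; fi
```

A verdict of "mitigated" together with the pti flag is what a patched Intel host should show; "vulnerable" after the update usually means KPTI was disabled on the kernel command line.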
In the best-case scenario, attackers could use the flaw to more easily exploit other bugs. More seriously, programmes and other logged-in users could read the contents of the kernel’s memory – which can contain passwords, login keys and cached files. That could apply to multiple users on a virtual machine, or a shared public cloud server.
AMD says that its systems are not affected. In an email sent to the Linux kernel mailing list on Boxing Day, the company wrote:
‘AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.’
A software developer known as Python Sweetness wrote on Monday that the bug ‘impacts common virtualisation environments including Amazon EC2 and Google Compute Engine’. AWS has already warned customers to expect a major security update this Friday, and the Azure cloud is due maintenance and reboots on the 10th of January.