A significant vulnerability has been discovered in all Intel processor chips and it’s going to have a huge impact going forward. The Register first noticed this major design flaw in Linux kernel patch notes. All operating systems will have to be updated (Linux distributions, Windows, macOS…).
And the worst part is that this patch is going to affect your computer performance. Based on a few benchmarks, The Register thinks computers running Intel chips are going to be slower by 5 to 30 percent.
So what happened exactly? This vulnerability is quite nasty because it’s a widespread hardware bug. Updating your computer can’t make the problem disappear altogether. That’s why operating system vendors are currently redesigning some of the core functionalities of your computer as a workaround.
The bug allows normal user programs to access the protected memory in the kernel. A kernel is the core of an operating system. It’s a process that handles the most sensitive tasks in your system.
For instance, the kernel controls the interaction between an application and the file system. It’s basically the gatekeeper that is going to allow a program to read and write files. It also manages memory and peripherals, such as your keyboard and your camera.
In other words, the kernel can do everything on your computer by design. But you don’t want the kernel to be compromised — it is one of the most serious attack vectors in modern operating systems.
Interactions between user processes and the kernel have been made as efficient as possible through various hardware and software optimizations.
Because of a design flaw, user programs with low privileges can read protected kernel memory. If an attacker or an intelligence agency can find a way to install a normal program on your computer, they could then be able to read passwords stored in the kernel memory, private encryption keys, files cached from the hard drive and more.
This is even worse on shared systems. Many cloud hosting platforms, such as Amazon Web Services, Microsoft Azure and Google Cloud Platform share computer resources between multiple clients — multiple clients use the same hardware components. With today’s bug, one client could access sensitive information about another client using this kernel exploit.
Developers working on the Linux kernel have been working hard on a fix for a while. Their discussions are public, but details of the design flaw are still unclear. According to Python Sweetness, the security bug is under embargo. Intel will reveal more information about it once Microsoft, Apple and the Linux team have released patches.
Microsoft has been working on a patch since November. Apple is also working on a similar fix.
The bad news is that the Kernel Page Table Isolation fix makes everything run slower on Intel x86 processors. AMD said that its processors are not subject to the vulnerability. So if your computer appears slower than it should be, it’s because it is.
