Report: All Intel Processors Made In The Last Decade Might Have A Massive Security Flaw

There's small screwups and big screwups. Here is tremendously huge screwup: Virtually all Intel processors produced in the last decade have a major security hole that could allow "normal user programs - from database applications to JavaScript in web browsers - to discern to some extent the layout or contents of protected kernel memory areas," the Register reports.

AU Editors note: this article was published at 4:30pm on January 3. For a more recent article with new information, head here.

Essentially, modern Intel processors have a design flaw that could allow malicious programs to read protected areas of a device's kernel memory (memory dedicated to the most essential core components of an operating system and their interactions with system hardware). This flaw could potentially expose protected information like passwords. Since the error is baked into the Intel x86-64 hardware, it requires an OS-level overwrite to patch - on every major operating system, including Windows, Linux, and macOS.

The exact details of the design flaw and to what extent users are vulnerable are being kept under wraps for now, per the Register, though since developers appear to be rushing towards patching systems in coming weeks it is likely very bad. In the absolute worst-case speculative scenario, something as simple as JavaScript running on a webpage or cloud-hosted malware could gain access to some of the most sensitive inner workings of an Intel-based device.

Because the fix entails severing kernel memory entirely from user processes, patched OSes could potentially see a massive performance hit of "five to 30 per cent slowdown, depending on the task and processor model":

These KPTI [Kernel Page Table Isolation] patches move the kernel into a completely separate address space, so it's not just invisible to a running process, it's not even there at all. Really, this shouldn't be needed, but clearly there is a flaw in Intel's silicon that allows kernel access protections to be bypassed in some way.

The downside to this separation is that it is relatively expensive, time wise, to keep switching between two separate address spaces for every system call and for every interrupt from the hardware. These context switches do not happen instantly, and they force the processor to dump cached data and reload information from memory. This increases the kernel's overhead, and slows down the computer.

Your Intel-powered machine will run slower as a result.

Five to 30 per cent is a jaw-dropping number, but because of all the secrecy right now it's difficult to tell how noticeable the impact will actually be for consumer use -- enterprise-scale systems like cloud computing are likely to be the hardest hit. For the average user, it's possible that the impact will be negligible. It's also possible that a better implementation of the solution in future patches could reduce the performance hit.

"Urgent development of a software mitigation is being done in the open and recently landed in the Linux kernel" in redacted form, "and a similar mitigation began appearing in NT kernels in November," the Python Sweetness blog wrote on Monday. "In the worst case the software fix causes huge slowdowns in typical workloads ... There are hints the attack impacts common virtualization environments including Amazon EC2 and Google Compute Engine."

One problem with exploits is that even if this one is buried so deep it took ten years to find it, there's no putting the cat back in the bag post-discovery. At the very least, the tiny slice of the market running AMD processors has some grounds to feel pleased about themselves.

[The Register/Hot Hardware]

WATCH MORE: Tech News


Comments

    Well intel better start saving up their pennies because if mid to high end machines suddenly dont work as intended because of a patched manufacturing fault they gonna be up for a bunch of payouts for new spec hardware.

    The it industry as a whole needs to be start being held to the same legal standards as every other industry that provides a good or service. If you bought a v8 car for 50k then get told twp years later 'sorry we stuffed up and we are fixing it.... but youll then only have the performance of a straight 4....' what do you think eould happen? What happened after dieselgate? The mass airbag recall? Yeah big trouble. They know this which is why quality is high. Accountability.

      If it’s anything like dieselgate then you should be waiting for the low and buying stock. How likely is intel to actually fail?

      You mean like when Apple slow down their older phones, so you'll buy a new one?

      Last edited 04/01/18 1:05 pm

      This article is outright wrong. The vulnerability is not limited to Intel, it is affecting all modern processors. Including AMD and ARM processors. It impacts all processors that use speculative execution.

      Last edited 04/01/18 1:20 pm

        Incorrect.

        This only effect Intel CPU's.

        There is another bug that appears to not be as critical/damaging that effects all processors.

          You are wrong. Spectre and Meltdown are the two vulnerabilities. Both are speculative execution vulnerabilities. All x86 and ARM processors that utilise speculative execution are vulnerable. Jesus go read the bloody Google Project Zero report before looking stupid. You can even read their blog post for a layman's version.

          To quote the report 1.3 Hardware:


          We have empirically verified the vulnerability of several Intel processors to Spectre attacks, including Ivy Bridge, Haswell and Skylake based processors. We have also verified the attack’s applicability to AMD Ryzen CPUs. Finally, we have also [s]uccessfully mounted Spectre attacks on several Samsung and Qualcomm processors (which use an ARM architecture) found in popular mobile phones.

          Last edited 05/01/18 9:50 am

      This is exactly what I first thought when I read about the slowdown. I have a Skull Canyon NUC (HTPC and lounge room games) plus a fully water-cooled and partially overclocked i7 gaming dual graphics card rig (also used for video/photo editing and VM's).
      Will not be happy at all if both these PC's slow down after spending a lot of money to get fast processors.
      And we have very strong consumer laws in Australia regarding products which do not function as advertised.
      Since it is a hardware fault, they should really replace all faulty units, but they won't.
      So Intel had better do this fix right because I will definitely be complaining if they don't.
      Best way to keep an eye on any differences is to run some benchmarks now and then after any fix(es), just so you have a measurable difference to work off.

        Intel CPUs are advertised based on clock speed - your 3.0 Ghz i7 or whatever will still be the exact same speed as when you bought it, it's just that it may execute tasks slower because of the software patch to fix a massive security vulnerability. You're not likely to get anywhere insinuating false advertising because you got exactly what you paid for.

        They don't make advertisements with specific claims on actual application performance (it's always a vague 'up to x times faster than y!') for this reason.

      I tried to use this same analogy with the NBN. They shrugged their shoulders at me and did sweet f all...

    On Nov. 29, Brian Krzanich, the CEO of chip giant Intel (NASDAQ:INTC), reported several transactions in Intel stock in a Form 4 filing with the SEC.
    Most of the transactions involved Krzanich exercising employee stock options (these options allowed Krzanich to purchase Intel shares at prices significantly below where they are currently trading) and then immediately selling those shares that he bought at a discount on the open market.

    I'm sure the above was unrelated.

    Last edited 04/01/18 10:35 am

      The stock transactions were scheduled months ahead of when they occurred - so yes it is fairly safe to say they were unrelated. I agree that if the performance hit from this fix is anything material then Intel should be forced to recall their processors and replace them with fault free products that perform as expected and that would see them needing to retool production facilities to make new versions of older pin format chips.
      I suggest people who care about performance benchmark their systems before and after patching and then keep watch for a class action or other legislative process that forces Intel and other affected chip manufacturers to compensate those who have purchased these processors

        Intel only have a 3 year warranty and that is limited to using their cooling.
        It gets complicated because this is an exploit in the CPU but is being patched via software. The patching is done but the involved companies, Microsoft, Apple etc. If the patch slows down your performance, do you go after Intel for the flaw or the software devs for the remedy?
        There have been CPU level exploits before that have been software patched so it isn't an entirely isolated incident.
        This doesn't just effect Intel either, it reportedly can be used on some ARM based CPU as well. So it might not be a flaw inherent just to x86 based systems, that then asks where did the flaw get introduced?

        Considering this was flagged by Google engineers working on project zero in June 2017, then I'd say the "months in advance" checks out with the sales time then correct?

        If you want to find the source then please query "Reading privileged memory with a side-channel + google project zero".

    This article is out of date and misleading. It needs to be updated to include the fact that this is not isolated to Intel. It impacts:
    * Intel;
    * AMD; and
    * ARM processors.

    All to varying degrees, read more on Meltdown and Spectre.

    Specifically the fault is with speculative execution.

      I know AMD, ARM and Intel are susceptible to Spectre, but isn't Intel uniquely susceptible to Meltdown?

        To Meltdown, yes. However both vulnerabilities are branch prediction exploits from the same research. They're both equally critical vulnerabilities.

        Last edited 04/01/18 1:28 pm

      I had heard of it effecting ARM but not AMD. Further inspection shows they are 2 different exploits for the different means of speculative execution as AMD use different means than Intel to achieve it as do ARM.

        Yup and Ryzen is well farked because of it's "AI prediction".

        AMD states that its Ryzen processors have “an artificial intelligence neural network that learns to predict what future pathway an application will take based on past runs” [3, 5], implying even more complex speculative behavior. As a result, while the stop-gap countermeasures described in the previous section may help limit practical exploits in the short term, there is currently no way to know whether a particular code construction is, or is not, safe across today’s processors – much less future designs.

      To quote directly from the research paper:

      https://spectreattack.com/spectre.pdf

      1.3 Hardware

      We have empirically verified the vulnerability of several Intel processors to Spectre attacks, including Ivy Bridge, Haswell and Skylake based processors. We have also verified the attack’s applicability to AMD Ryzen CPUs. Finally, we have also [s]uccessfully mounted Spectre attacks on several Samsung and Qualcomm processors (which use an ARM architecture) found in popular mobile phones.

      Last edited 04/01/18 2:26 pm

    It's now starting to seem as if it was just something no one ever though about being able exploit. So across all the architecture they are in some way exploitable even though they implement it differently.

Join the discussion!